Tag Archives: marketing

Radio Free Europe/Radio Liberty (RFE/RL) Targeted for DDoS attack

Radio Free Europe/Radio Liberty has been targeted in an Internet attack known as a distributed denial of service (DDoS). The attack has disrupted RFE/RL’s global multimedia news and information services intermittently since November 14. Nonetheless, its computer network was working on November 18 and broadcasts have continued normally. The attack has not prevented the public from accessing RFE/RL’s web pages. But it has slowed the ability of RFE/RL’s broadcasting services to upload fresh news stories, photographs, and video to the Internet.

RFE/RL President Kevin Klose said information is still being gathered about the attack, but he confirmed that it is believed to be “targeted.” Klose said a decision was taken on November 18 to report on the attack in response to the needs of the broadcasters’ audiences, “who rely on RFE/RL reporting, and who themselves contend with countless obstacles to connect with us every day.”

RFE/RL’s content-management system also supports Voice of America, Middle East Broadcasting, and the Office of Cuba Broadcasting. Those U.S. international media networks also have been adversely affected by the attacks but continue to operate. Klose described the attack as “stark evidence of the challenges that confront the free dissemination and exchange of information in this age.”

A DDoS attack floods the target with fake requests that come from thousands or even millions of computers that have been compromised or infected with viruses or malware. RFE/RL experienced a more limited DDoS attack against its Belarusian language service in 2008.

RFE/RL Director of Technology Luke Springer said the latest attack was discovered on November 14 when hardware for the international media organization’s computer network began receiving many times more requests than normal. At the peak of the attack, the RFE/RL network was receiving requests for data from hundreds of thousands of computers every second.

Springer said that means there are probably more than 1 million malware-infected computers being directed by the attackers — most likely without the knowledge of the computer owners. Technical investigations show that nearly 80 percent of the computers sending out requests for data as part of the DDoS attack are in China and nearly 20 percent are in Russia. But Springer said those findings do not indicate who is responsible for the attack.

Attempts to make technical changes that counter the attack have temporarily alleviated the problem. But Springer said the attackers also have been changing their methods, allowing them to continue disrupting services intermittently. Springer said the DDoS attack has not damaged RFE/RL’s network equipment. But he says that “filling up the Internet pipeline with so many bogus requests has caused a traffic jam.”

RFE/RL is a private, nonprofit organization funded by a grant from the U.S. Congress.

Pro Afrikaans Action Group (Praag) under DDoS attack

Afrikaans-language activist group Praag intends to lay criminal charges against people responsible for attacking its website, the group said on Thursday. Pro Afrikaans Action Group (Praag) founder Dan Roodt said the website and servers had been under a “distributed denial of service” (DDOS) attack, causing disruptions since Tuesday. He believed the attack was aimed at bankrupting Praag and its service provider through the consumption of bandwidth and damage to network infrastructure.

“We are going to lay charges with the SA Police Service under the Electronic Communications and Transactions (ECT) Act 25 of 2002 for the DDOS attack against us, but also against those anonymous individuals slandering us on Facebook, social media, and in relation to potential advertisers on our site,” said Roodt.

On Sunday, Rapport reported that Google had decided to stop channelling advertising to Praag, and this threatened the future of the website. Roodt told the paper that Praag made thousands of rands from advertising on its website, and would not be able to function without advertisers. He said Google told him that Afrikaans was not a recognised advertising language and it could channel advertisements only to the English version of the Praag website.

Roodt, however, alleged that a woman who opposed Praag was behind the problem. He claimed the woman had started a “malicious and fanatical” Facebook group called “Speak Out Against the Website Praag”. In a letter she reportedly posted on the social media network, she accused Praag of being racist and of spreading hate speech, and shared the letter with companies she claimed were helping it spread this message by advertising on the website.

On Thursday, Roodt said he had the backing of supporters to take on the attackers. “We will not be using the distasteful and underhanded techniques of our opponents but will be defending ourselves in an open, transparent and legal manner,” he said.
Source: http://www.iol.co.za/news/crime-courts/charges-pending-after-praag-web-attack-1.1607313#.UoTwduLrKb4

3-Cyber attack “war game” tests London banks

* Exercise involved “fake foreign government attack” – source
* Also involved “denial of service attack” – source
* Event dubbed “Waking Shark II”
* Bank of England has told banks to strengthen defences

By Matt Scuffham and Joshua Franklin

A cyber attack by a foreign government on financial markets played out in one of London’s historic halls on Tuesday in a “war game” simulation designed to test the City’s defences against online saboteurs. About 100 bankers, regulators, government officials and market infrastructure providers gathered to take part in an exercise dubbed “Waking Shark II” at Plaisterers’ Hall in the heart of Britain’s financial district.

Regulators and companies are growing increasingly concerned about the threat of cyber crime to the banking system, including the impact of coordinated online assaults or hacking attacks on specific lenders. The Bank of England has told banks to strengthen their defences against cyber attacks. One unidentified London-listed company incurred losses of 800 million pounds ($1.3 billion) in a cyber attack several years ago, according to British security services.

Tuesday’s five and a half hour event ran from 1200 GMT and involved simulations designed to test how well banks and other market players communicate and coordinate with authorities and each other, sources told Reuters. An industry source who attended said one of the simulations featured a cyber attack by a fake foreign government and a denial-of-service (DOS) attack, which makes network resources unavailable to users. The source described the test as a “productive exercise” which left participants better equipped to deal with a real-life attack.

The finance ministry, Bank of England and the Financial Conduct Authority said the exercise had been “sustained and intensive”. “A thorough review of the lessons learned is underway to identify potential improvements to the resilience of the sector,” their joint statement added. A report will be published early in the new year.

REAL CHALLENGE

The event, one of the largest of its kind in the world, follows a similar large-scale simulation in New York this year dubbed “Quantum Dawn 2” and comes amid heightened fears over the threat from hacking and cyber attacks. “This is a good opportunity to iron out any flaws now before our cyber defences are tested in anger,” said Stephen Bonner, a partner in KPMG’s Information Protection & Business Resilience team.

Richard Horne, a partner at PricewaterhouseCoopers who specialises in cyber security, said the exercise was useful but the real challenge lay in co-ordinating across the industry to make sure a crisis scenario is never reached. “It will take a lot of detailed technical work and testing, coordinated across the industry, to really understand all the interdependencies and develop meaningful containment and recovery plans,” Horne said.

The investment banking industry itself played a key role in co-ordinating the exercise, along with the Bank of England, the Treasury and the Financial Conduct Authority (FCA), and the event follows a similar exercise two years ago, the sources said. Institutions involved in this year’s test included Barclays, BNP Paribas, Bank of America, CHAPS, Commerzbank, Credit Suisse, Deutsche Bank, Euroclear, Goldman Sachs, HSBC, JP Morgan, LCH Clearnet, London Stock Exchange, Morgan Stanley, Nomura, Royal Bank of Scotland, SocGen, SWIFT and UBS, according to a source familiar with the matter.

Source: http://www.reuters.com/article/2013/11/12/banks-wargame-idUSL5N0IX48C20131112

Decoding the cyber attacks – DDoS against Singapore Government

Hacktivism arrived in Singapore 10 days ago in the form of “the Messiah”, who claimed to be a member of global cyber activism group Anonymous. He threatened to unleash a legion of hackers on the country and its infrastructure if the Government did not revoke its licensing regime for news websites. Should Singaporeans be afraid?

On Oct 29, as ordinary Singaporeans went about their Tuesday, political protest took an unexpected turn. This day marked the arrival of the hacktivist in Singapore – a new breed of protester who hacks into online sites to make a point. And that day, the Singapore Government was his declared target. In a blurry YouTube video, a masked man threatened chaos on the country and its infrastructure if the licensing regime for news websites, instituted in June, was not lifted. Identifying himself as a part of cyber activism group Anonymous, he declared: “For every single time you deprive a citizen his right to information, we will cost you financial loss by aggressive cyber-intrusion.”

What preceded and followed the video message were defacements of several websites, from that of the Ang Mo Kio Town Council to The Straits Times’ blog section, by a hacker calling himself “the Messiah”. Last Saturday, when several government websites went down for several hours, some Singaporeans wondered if it was the start of the threatened chaos. Communications consultant Priscilla Wong, 36, says: “My first thought was, could this be ‘the Messiah’ carrying out his threats?” But the Infocomm Development Authority (IDA) of Singapore, the local sector regulator, told the media that it was not a case of hacking, but of scheduled maintenance that took longer than expected due to technical glitches.

Then, on Wednesday, Prime Minister Lee Hsien Loong said that the authorities would spare no effort in finding the hackers, and that they would be dealt with severely. Two days later, a page on each of the Prime Minister’s Office (PMO) and Istana websites was hacked in retaliation. This move took the hostilities to a new level, say observers. “If you presume it’s the same guy or the same group, then this shows escalating tensions,” says PAP MP Zaqy Mohamad, who chairs the Government Parliamentary Committee on Information and Communications. “I suppose they took PM’s words as a challenge, and to some extent, it showed their confidence and brazenness.” How significant is this emergence of local hacktivism, and what are the ramifications?

What happened?

While the website defacement left many wondering if the leaking of classified personal information was just a string of codes away, cyber experts say there is a gulf between the technical skills required for the two acts, and that the two activities tend to be carried out by different groups for different purposes. Website defacements are generally considered “low-level” hacking jobs, says Paul Ducklin, a consultant at security software firm Sophos.

The next level up is DDoS attacks, short for Distributed Denial of Service. In DDoS attacks, the attacker creates a network using thousands of infected computers worldwide, which are then made to overwhelm a targeted site with a huge spike in traffic. The IDA revealed on Friday that there was an unusually high level of traffic to many government websites on Nov 5, the day of the Messiah’s threatened attack, and that these indicated either attempts to scan for vulnerabilities or potential DDoS attempts. While such attacks may cause inconveniences by slowing down website access for users, they do not usually result in a loss of data or information.

In the case of the PMO and Istana Web pages, the hackers exploited a vulnerability known as “cross-site scripting”, which resides in an unpatched Google search bar embedded in a Web page on each of the two government websites. Users had to type a specially crafted string of alpha-numeric search terms – understood to have been circulated on online forums – in the Google search bar before an image resembling a defaced page came on screen. IDA assistant chief executive James Kang stressed that the integrity and operations of both sites were not affected. “Data was not compromised, the site was not down and users were not affected,” he said.

The most severe attacks, those resulting in personal information theft, are usually carried out in stealth by organised crime groups for financial gain, say experts. They use computer programs such as keylogging software to harvest passwords and banking account details. Foreign academics studying the Anonymous group note that the hacktivists do not have the financial wherewithal, nor desire, to perpetrate this level of cyber crime. An expert on the Anonymous collective, Gabriella Coleman of Canada’s McGill University, wrote in a recent academic paper: “It has neither the steady income nor the fiscal sponsorship to support a dedicated team tasked with recruiting individuals, coordinating activities and developing sophisticated software.”

The Messiah’s actions so far seem consistent with Anonymous’ modus operandi of symbolic protest instead of real damage. “The attacks so far were mainly targeted at government-linked organisations with the purpose of creating attention, rather than causing direct damage,” says Alvin Tan, director for anti-virus software company McAfee Singapore and the Philippines. The Internet Society’s Singapore chapter president Harish Pillay emphasises that the websites that have been defaced by “the Messiah” are not high-security ones. There is no reason to link the hacking of such websites to intrusion into classified government databases, he says. “That’s like saying that since a shophouse next to Parliament House got burgled, then Parliament House is in danger of being burgled. The two are not the same.”

Still, the threats have made an impact. Last Saturday, the IDA took down some of the gov.sg websites for maintenance in an attempt to patch vulnerabilities. A combination of Internet routing issues and hardware failures caused a glitch, which took the websites offline longer than expected that day, IDA said.

Plugging weaknesses

On Wednesday, PM Lee confirmed that the Government was beefing up its systems but cautioned that it was not possible to be “100% waterproof”, as IT systems are complicated and “somewhere or other, there will be some weakness which could be exploited”. In the wake of the hacking of the PMO and Istana pages, the IDA said that it is continuing to strengthen all government websites. This includes the checking and fixing of vulnerabilities and software patching.

But bringing cyber security here up to a level that could deter elite “crackers” – the term for ill-intentioned hackers – will be challenging, say experts. A major obstacle is the lack of security experts not just in Singapore but also worldwide. Singaporean Freddy Tan, chairman of the International Information Systems Security Certification Consortium – or (ISC)2, estimates the shortfall of infocomm security staff in Singapore to be at least 400. (ISC)2 is the world’s largest not-for-profit body that educates and certifies IT security professionals. Specifically, there is a severe shortage of security analysts and digital forensics workers who monitor Internet traffic patterns, says Tan.

Value of cyber protest

“The Messiah” and his colleagues have heralded a new age of digital protest here. But observers are split on whether it is a valuable form of social and political activism. “It gets people to sit up and ask, what’s going on here?” notes Pillay. When it comes to the issues, the Messiah and his colleagues seem to be interested in a gamut of them. Experts say the overall agenda seems to concern equality, looking out for the underdog and a call for transparency.

The linchpin demand, made in the YouTube video on Oct 29, was directed at the Government’s licensing regime for news websites. The regulations require selected news sites with at least 50,000 unique visitors from Singapore each month over a period of two months to post a S$50,000 (RM130,000) bond and take down content against public interest or national harmony within 24 hours. It is opposed by some for what they perceive as its intent to suppress online free speech, and a group of bloggers has mounted a “Free My Internet” campaign against it. But the group has distanced itself from “the Messiah”, and among prominent online commentators a rift has emerged over whether to denounce the hacking or accept it as another form of social and political activism that could effect change in its own way.

The hackers’ threats spurred some Netizens to reject this method of seeking to change policies, arguing that it amounted to one group seeking to impose its views on others rather than arguing its case. The Online Citizen, for example, said it did not condone Anonymous’ tactics, saying it did not condone “intentional violations of the law which are calculated to sabotage and disrupt Internet services which innocent third parties rely on for data”. Some have likened hacking to the civil disobedience practised by Singapore Democratic Party chief Chee Soon Juan in the 1990s, when he argued that it was just to disobey an unjust law.

But if “the Messiah” wanted to add his heft to the campaign against the website licensing regime, observers were confused by his timing. After all, it was announced in June, and the outcry and public protests against it took place later that month. “Hacking Singapore sites for a law that was passed half a year ago is like laughing at a joke after everyone has left the party,” notes Professor Ang Peng Hwa, director at the Singapore Internet Research Centre.

If and when the hackers are identified, the Singapore authorities are likely to bring a gamut of laws down to bear on them, say local lawyers. “At least three of Singapore’s broad laws might be invoked,” says lawyer Gilbert Leong, partner at Rodyk & Davidson. The first is the new Computer Misuse and Cybersecurity Act, passed in Parliament in January. It was called the Computer Misuse Act before but was amended to allow the Minister for Home Affairs to order a person or organisation to act against any cyber attack even before it has begun. For instance, telcos might have already been roped in to track the hacker. The second is the Criminal Law (Temporary Provisions) Act, which may be used against those who publish subversive materials that compromise public order. The third law is the Sedition Act, for exciting disaffection against the Government.

Facing charges

Whoever was behind the YouTube video could also face charges under the Internal Security Act for threatening the security of the Internet, says lawyer Bryan Tan, a partner in Pinsent Masons MPillay. If caught and proven guilty, “the Messiah” could face hefty fines and years in prison for his hacktivism. Law enforcers’ jobs would be made harder if “the Messiah” and his colleagues do not reside in Singapore. However, another law – the United Nations (Anti-Terrorism) Measures Regulations – might be used to extradite the offender to Singapore. This law might be used as “the Messiah” had threatened to attack Singapore’s infrastructure, which could be deemed by the authorities as a terrorist act.

Whatever comes of “the Messiah” and Anonymous’ arrival in Singapore, hacktivism looks to be a new fact of life in an inter-connected, politicised society. It is however a tactic that many activists online have been quick to reject and Singaporeans on the whole have shown little interest in supporting. — The Straits Times/ANN

Source: http://www.thestar.com.my/News/Regional/2013/11/10/Decoding-the-cyber-attacks.aspx

DDoS as dance: Anonymous hits the ballet

A new multimedia ballet, “HackPolitik,” fuses jarring, angular movements with electroacoustic music and video projection to interpret the activities of hacker collective Anonymous.

Hacker collective Anonymous is going to the ballet. Take that in; it’s not often you’ll see Anonymous and ballet in the same sentence. The unusual pairing will take place November 15 and 16 at the Boston University Dance Theater, where the Juventas New Music Ensemble debuts “HackPolitik,” a new contemporary ballet based on the hacktivist group’s activities and personalities. The piece combines electroacoustic music, modern dance, and video projection to examine how the Internet impacts 21st century discourse and sometimes blurs the lines between activism and anarchy. Instead of pastel tutus, expect to see dancers in black and white, with dramatic face paint that evokes Guy Fawkes masks. And erratic, sometimes militant movements instead of fluid pirouettes.

How do hacks on Twitter and LinkedIn accounts translate to physical movement? Neither the dance nor the music is neatly representative of things like Web site defacements, distributed denial-of-service attacks, and data theft, though they do aim to capture the mood of cyber insurgency. One scene, for example, opens with a soloist appearing to search for a way into something. Once she’s successful, the rest of the dancers join her with a series of advancing movements directed at one point in space that’s meant to represent the entity being attacked.

“The movement interprets the initial culture of Anonymous as a crass, chaotic, and immature world out of which particular personalities and goals emerge,” choreographer Kate Ladenheim tells CNET. “For example, in the opening of the piece, we created a phrase that we lovingly refer to as the ‘f*@% you’ phrase. There are 10 examples of immature gestures/f*@%-you hand motions that are abstracted to become full bodied and then traveled through space in various ways.” This was Ladenheim’s take on trolling, memes, and the “all-around chaos of IRC and online message boards like 4chan.”

The idea for “HackPolitik” came to Boston-based composer Peter Van Zandt Lane in late 2011, when some of Anonymous’ more high-profile politically driven cyberattacks grabbed the spotlight. Lane teaches a course at Brandeis University called “Protest and Propaganda in Music,” but hadn’t had much occasion to meld those interests with his creative work. “The idea of a ballet based on the global hacktivist movement excited me, as it was a way I could potentially pull these three spheres together,” he tells CNET.

The two-act piece touches, among other things, on the December 2010 distributed denial-of-service attack on PayPal. It was organized in response to PayPal halting donations to the online leaked-documents clearinghouse WikiLeaks. Another of the ballet’s 10 scenes references Anonymous’ 2011 attack on HBGary Federal, a security firm trying to investigate the loosely organized global group.

“The music, on its own, says…disorder, absurdity, cohesion/collaboration, militaristic triumph, humiliation, betrayal, etc.,” Lane says. “Choreography can connect these expressions a bit more concretely to the activities of Anonymous, but ultimately, the audience has to make connections themselves, between a generally abstract art form and the specific events that inspired them.”

To create the ballet, Lane; Ladenheim, artistic director of NY-based contemporary dance company The People Movers; and conductor Lidiya Yankovskaya, artistic director of the Juventas New Music Ensemble, mined author Parmy Olson’s writings on Anonymous, which closely examine the global activist movement.

Anonymous has supporters worldwide, as evidenced by this week’s “Million Mask March” in cities from Washington, D.C., to Tokyo to Sao Paulo, Brazil. Some pioneers of the hacktivist movement, however, have criticized Anonymous, saying its methods abridge free speech and hurt the cause. But “HackPolitik,” Lane insists, isn’t about taking sides. “For me,” he says, “the piece is less about answers, and more about bringing up questions on how we emotionally and artistically are able to respond to the influence of technology on our society.”

Source: http://news.cnet.com/8301-17938_105-57611236-1/ddos-as-dance-anonymous-hits-the-ballet/

Denial of Service (DDoS) Cyber attacks – are they using the same logic as terror threats?

Much has been discussed about the damage that Advanced Persistent Threat (APT) attacks cause to corporates and governments alike. It is estimated that at least 50% of Fortune 500 companies have been compromised by APT, and the potential financial damage to these organizations is almost impossible to quantify, but probably in the trillions of US dollars.

Compared to this, the outcome of a crude Denial of Service (DoS) attack or its more advanced siblings, the Distributed Denial of Service (DDoS) attack and the Distributed Reflector (DRDoS) attack, seems pretty benign: your site is bombarded by thousands of requests for information until the server gives up and no one can actually use the site. Once the attack stops, access is possible again and no damage to your IT infrastructure has occurred, no data or money was stolen, and hopefully your angry customers will believe it was just a “site malfunction”.

But as attack methods have become more sophisticated AND more accessible (for example, one can now simply rent hundreds of bot computers as a service to carry out the attack, using a simple interface, with no need to know how to actually hack), the industry had to act, and developed means to mitigate these attacks. Several methods of DDoS mitigation exist and multiple companies offer these as a service.

Now a very dangerous equation begins to unfold, one where the attacker can use simple, cheap tools (a fairly typical rate for DDoS botnet rental hovers around $200 for 10,000 bot agents per day), and the defender must invest much larger resources, both internal (maintaining a Security Operations Center, or SOC) and external (service providers), creating an inherent asymmetry. This asymmetry means that organizations wishing to mitigate this threat will keep investing (or throwing away, since there is no actual gain here, only minimizing the impact) money over time, until they are in serious economic pain.

And this is exactly what Islamic terrorists have been trying to do in the recent global jihad campaign: making Western countries bleed money in order to try to prevent sparse attacks carried out by rudimentary means. As Osama bin Laden said: “It is very important to concentrate on hitting the American economy with every available tool … the economy is the base of its military power. The United States is a great economy but at the same time it is fragile.” The risk is that using offensive cyber means one can achieve this goal much faster (and one does not have to blow oneself to pieces in the process, or hurt innocent people).

Therefore, prevention and not only mitigation is necessary. Organizations must be far more proactive than they are now. Sure, investments in IT security and best practices are always a good idea, but so is applying preventive intelligence to greatly reduce the impact of attacks. This, coupled with harsher legislation and enforcement against both the suppliers and the perpetrators of the attacks, will hopefully, in the end, balance this asymmetric equation.

Source: http://defense-update.com/20131107_denial-service-ddos-cyber-attacks-using-logic-terror-threats.html

Avoiding Website Outages During the Holiday Season

The holiday shopping season is practically upon us, and online retailers don’t want to endure any IT downtime between Thanksgiving and Christmas when many ring up a third of their annual receipts. That’s a lot of green. Online shopping carts should register nearly $100 billion this holiday season in online sales – up 12% from a year ago, estimates Shop.org. What can online retailers do to avoid outages and other disruptions? It’s an important issue because an estimated one-in-five retailers suffered outages last year. The damage? Forty-five% estimated they could lose $500,000 to $5 million in one day due to a website crash. Gartner consultants predict a 10% growth in the financial impact that cybercrime will have on online businesses through 2016. They see distributed denial-of-service (DDoS) attackers taking advantage of new software vulnerabilities to begin an assault with multiple sources and often multiple targets. These can be introduced via employee-owned devices used in the workplace and even via the Cloud. Actions to Take Now While it’s probably too late to take major actions this holiday season, retailers can still take some steps to minimize such disruptions. However, to really combat the outage and downtime challenges, retailers should begin taking more effective steps after the New Year starts to get ready for the 2014 holiday rush. Three-of-four online retailers (77%) strengthened their online IT defenses this year to reduce downtime from last year. Downtime certainly occurs. Considering the common 99.5% system uptime, this leaves 43 hours – roughly one-and-a-half days – of downtime yearly.  A key focus area should be ensuring your site can handle rapid and unexpected increases in demand. That demand can take two forms: desired demand, which should be scaled up Cyber Monday and undesired demand, which should be mitigated, like a cyberattack. Here’s what online retailers still can do before the approaching Big Season. 
Determine whether you can handle the increased traffic from desired demand expected during the holiday season, especially on Cyber Monday, when online sales soar. You might still be able to turn to cloud-based services to add capacity and prevent a site crash. But if you don’t have a cloud provider, it’s probably too late to make those arrangements and transfer your data to the provider’s site. Determine if you have adequate mitigation capabilities for DDoS attacks from hackers. The last quarter of the year, primarily holiday season, is when DDoS attacks increase in size and intensity. In the 2012 fourth quarter, one DDoS protection service mitigated attacks that reached more than 50 gigabits per second directed against ecommerce clients; the average attack duration was 32.2 hours. Find out how various types of DDoS threats can impact different elements of your network and determine mitigation actions that can protect them, including employing a DDoS mitigation service. Keep tabs on blogs and social media sites because hackers enjoy bragging about their activities and sometimes disclose their next industry target. Make sure your payment data being collected remains secure because attackers often are going after customer credit card data. For retailers about to begin or who have begun what’s called the “network freeze,” in which no changes of any type can be made to their network and system components or apps operations until mid-January to avoid triggering downtime, if any severe vulnerability that has the potential to cause downtime is found, an emergency change window should be requested to remediate the problem – even during the “freeze.” This “freeze” practice actually is a Payment Card Industry (PCI) regulation. But only 21%bof businesses that store credit and debit card data comply with that regulation in between their mandatory annual audits, a Verizon study finds. 
What to Do for Next Holiday Season

When the holiday and post-holiday sales rush slows, begin thinking about the 2014 holiday season, especially if you’re serious about improving your defenses and scalability against downtime or outages and haven’t taken major steps yet. Some suggested initiatives:

Confer with a consulting firm, data center or cloud provider about what, specifically, you need to do to meet your objectives. Consider retaining a service provider that delivers services to help you scale out and protect your IT operations. Going to the cloud doesn’t relieve you of responsibility for security; the cloud doesn’t by itself make your applications secure. A service provider can work with your developers to define and meet these objectives.

Shift to a scale-out IT model so your applications scale out, not up. This may require application transformation work to make your applications resilient even when infrastructure services are disrupted in a region. Act early in the year, because this kind of transformation requires changes across every part of your infrastructure and applications; there is no real shortcut, and there won’t be time for such changes once the selling season is upon you.

Embrace cloud-type platforms if you’re a seasonal online retailer: they are more dynamic, it’s easy to scale up quickly to meet demand, and you don’t incur extra cost when the demand isn’t there. Look into a hybrid cloud so applications that can’t yet be moved to the cloud continue to run in their traditional manner. For instance, you might use the cloud for the web and application tiers and keep other operations in your normal IT setup until you are ready to take on the transformation work required to update your database environment.
Be sure to test your enhanced system before the holiday season and design it for 100% availability, since the goal is to always be up. That means securing secondary and tertiary facilities and resources far enough from your principal facility that, if an outage occurs at one site, load can be shifted automatically to an alternate site. Lastly, understand your key performance indicators (KPIs), the measurements used to evaluate the success of the activities you’re engaged in; to do this well you need a firm understanding of the KPIs across all tiers of your applications. For online retailers the holiday selling season is critical to financial strength and even survival, which is why it’s imperative to keep IT operations running and to recognize and repel attackers. But remember: you can’t do everything. Do what you can for this year and move swiftly to prepare for the 2014 holiday season. Source: http://multichannelmerchant.com/crosschannel/avoiding-outages-holiday-season-06112013/

Read More:
Avoiding Website Outages During the Holiday Season

Jurassic DDoS?

Like something from the digital ice age, distributed denial-of-service (DDoS) attacks have thawed and are roaming the cyber planet again, according to data from Google in collaboration with Arbor Networks, which provides insight into the scale and geography of recent cyber strikes. Various other reports support the same theory. Verisign estimates that a third of downtime incidents stem from DDoS attacks. These attacks are costly for both businesses and consumers, and the costs are rising. The security firm Prolexic found that attacks became bigger and more frequent in 2013 vs. 2012: a 58% increase in total DDoS attacks, a 101% increase in application-layer (Layer 7) attacks, a 48% increase in infrastructure (Layer 3 and 4) attacks, and a 12.4% increase in average attack duration. In addition to the increase in frequency and scale, Prolexic observed some interesting metrics that illustrate significant changes in DDoS attack methodology. Most notable was a shift away from bulky flat-packet SYN floods to UDP-based attacks and the rapid adoption of distributed reflection denial-of-service (DrDoS) attacks.

In a DrDoS attack the attacker does not flood the target directly. Instead, its bots send requests to third-party servers running open UDP services, such as DNS resolvers and NTP servers, with the source address of each request forged to be the victim’s. Because UDP involves no handshake, the servers cannot tell the request is spoofed and send their replies to the victim. Since these services return replies that are many times larger than the request, the servers “reflect” and amplify the attacker’s traffic onto the target. (This should not be confused with the reflection attack on challenge-response authentication protocols, in which an attacker opens a second connection and feeds a server’s own challenge back to it to obtain the correct response; that is an authentication weakness, not a denial-of-service technique.)
Reflection attacks require the attacking hosts to forge the target’s IP address as the source of their requests, and they rely on third-party reflector servers rather than the bots themselves to deliver the traffic to the target. Prolexic believes the adoption of DrDoS attacks is likely to continue, since reflection and amplification mean fewer bots are needed to generate a high volume of attack traffic. Such attacks also give the attacker anonymity, because the spoofed packets carry the victim’s address rather than the bot’s. Another interesting observation by Prolexic is that infrastructure-based attack protocols such as SYN floods remain in steady use and are often used in conjunction with reflection attacks. The US and China are popular targets simply because these two countries have more Internet users than any other, and both are popular choices for ideologically motivated attacks. The top ten DDoS originating countries according to the Prolexic Quarterly Global DDoS Attack Report Q3 2013 are:

China – 62%
United States – 9.06%
Republic of Korea – 7.09%
Brazil – 4.46%
Russia – 4.45%
India – 3.45%
Taiwan – 2.95%
Poland – 2.23%
Japan – 2.11%
Italy – 1.94%

So what does the future hold for DDoS attacks? Future DDoS attacks will likely be conducted through booter scripts, stresser services and related application programming interfaces (APIs). The increasing use of this approach will result in much more effective attacks with fewer resources required, and since they are easier to employ, DrDoS attacks will become more popular. In fact, according to Prolexic, script kiddies are graduating into digital crime and assembling DDoS-for-hire sites that charge as little as five dollars ($5). That $5 buys 600 seconds of DDoS, and just $50 could put a credit union down for an afternoon. Remember, it costs far less to generate an attack than to mitigate one.
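To make the reflection mechanism concrete, here is an added detection example, written for this page and not code from the Prolexic report or the infosecurity-magazine post, that scans flow records for hosts receiving unsolicited or disproportionately large replies from many reflector servers at once. The flow records, the TEST-NET address ranges, the reflector port list and the thresholds are constructed assumptions for illustration.

```python
"""Detect reflection/amplification (DrDoS) victims from flow records.

Added example with constructed sample data; not code from the original
article or from Prolexic.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str      # "udp" or "tcp"
    packets: int
    bytes: int      # total bytes carried by the flow


# UDP services commonly abused as reflectors (assumption: the set a given
# network chooses to watch).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 19: "CHARGEN", 161: "SNMP", 1900: "SSDP"}


def detect_reflection_victims(flows: List[Flow], min_reflectors: int = 10,
                              min_ratio: float = 5.0) -> Dict[str, List[dict]]:
    """Return {victim_ip: [report, ...]} for hosts receiving reflected traffic.

    A host is flagged for a service when it receives replies from at least
    `min_reflectors` distinct servers on that service's port AND either it sent
    no requests to that service at all (unsolicited replies: someone spoofed
    its address) or the reply bytes exceed its own request bytes by
    `min_ratio` (amplification out of line with normal client use).
    """
    inbound: Dict[str, Dict[int, dict]] = defaultdict(
        lambda: defaultdict(lambda: {"bytes": 0, "sources": set()}))
    outbound: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))

    for f in flows:
        if f.proto != "udp":
            continue
        if f.src_port in REFLECTOR_PORTS:          # a reply from a reflector service
            entry = inbound[f.dst_ip][f.src_port]
            entry["bytes"] += f.bytes
            entry["sources"].add(f.src_ip)
        if f.dst_port in REFLECTOR_PORTS:          # a request to a reflector service
            outbound[f.src_ip][f.dst_port] += f.bytes

    reports: Dict[str, List[dict]] = {}
    for ip, by_port in inbound.items():
        for port in sorted(by_port):
            entry = by_port[port]
            req_bytes = outbound.get(ip, {}).get(port, 0)
            ratio = entry["bytes"] / req_bytes if req_bytes else None
            if len(entry["sources"]) < min_reflectors:
                continue
            if req_bytes and ratio < min_ratio:
                continue                            # many servers, but ordinary client use
            reports.setdefault(ip, []).append({
                "service": REFLECTOR_PORTS[port],
                "reflectors": len(entry["sources"]),
                "response_bytes": entry["bytes"],
                "request_bytes": req_bytes,
                "amplification": None if ratio is None else round(ratio, 1),
            })
    return reports


def sample_flows() -> List[Flow]:
    """Constructed traffic: one victim, one normal client, one busy-but-normal client."""
    flows: List[Flow] = []
    victim = "203.0.113.10"
    # 25 open resolvers each delivering 40 large DNS answers the victim never asked for.
    for i in range(1, 26):
        flows.append(Flow(f"198.51.100.{i}", 53, victim, 80, "udp", 40, 40 * 3000))
    # 12 NTP servers replying to the victim, again with no matching requests.
    for i in range(1, 13):
        flows.append(Flow(f"192.0.2.{i}", 123, victim, 80, "udp", 100, 100 * 482))
    # A client that sent 3 DNS queries to one resolver and got 3 modest answers.
    client = "203.0.113.20"
    flows.append(Flow(client, 40000, "198.51.100.1", 53, "udp", 3, 3 * 60))
    flows.append(Flow("198.51.100.1", 53, client, 40000, "udp", 3, 3 * 180))
    # A client querying 15 resolvers with replies only ~3x its requests: not flagged.
    busy = "203.0.113.30"
    for i in range(1, 16):
        flows.append(Flow(busy, 40001, f"198.51.100.{i}", 53, "udp", 2, 120))
        flows.append(Flow(f"198.51.100.{i}", 53, busy, 40001, "udp", 2, 400))
    return flows


if __name__ == "__main__":
    for victim_ip, findings in detect_reflection_victims(sample_flows()).items():
        for finding in findings:
            print(victim_ip, finding)
```

The two thresholds are what keep false positives down: a host talking to many resolvers is normal, and a host getting large replies from one server is normal; it is the combination of many distinct reflectors with no (or tiny) outbound requests that marks a spoofed-source victim. In production the same logic would run over NetFlow/IPFIX exports and the thresholds would be tuned per network.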
Security professionals must promote cleanup efforts and make it difficult for would-be attackers to pay the criminals offering DDoS for hire. Financial institutions with smaller security budgets become more lucrative targets because they cannot devote the resources needed to identify threats. Verizon’s Chris Novak agreed: “We are seeing where DDoS is used to distract a medium-size financial institution. While they are busy fighting off the DDoS, they don’t see that terabytes of data just walked out the door. That’s scary.” DDoS is not dead; in fact, it is alive and kicking. Beyond this array of targets, many new government programs have recently been hit with DDoS. As new software is developed, it is incumbent on IT security professionals to be cognizant of potential DDoS weaknesses and to put countermeasures in place as quickly as possible. Source: http://www.infosecurity-magazine.com/blog/2013/11/5/jurassic-ddos/1050.aspx

Read the original:
Jurassic DDoS?

Anonymous Philippines hack and DDoS Government sites

Critics of the Aquino administration responsible for hacking government websites will be dealt with accordingly, Malacañang warned yesterday. “There are existing laws against hacking and proper action will be taken,” Press Secretary Herminio Coloma told a news briefing when asked to comment on the latest attacks on the websites of several government agencies by the activist hacker group Anonymous Philippines. “There are sufficient avenues for free expression so there is no need to resort to illegal acts such as hacking of government websites,” Coloma said. He said that sentiments against the government could be aired in street protests; according to Coloma, there is enough “democratic space” in which the public can air its grievances.

More gov’t sites under attack

Anonymous Philippines claimed it had stopped the operation of major government websites as hackers geared up for today’s “Million Mask March” in Quezon City. In a post on its Facebook page yesterday, the group said the websites of around 100 local and national government agencies, including those of the Official Gazette, the Senate, the House of Representatives and the National Bureau of Investigation, were “currently down.” With the exception of the Senate website (senate.gov.ph), a random check showed that most of the national government websites on the list were accessible as of yesterday afternoon. Despite having a security feature to mitigate attacks, the Official Gazette website (gov.ph) was temporarily inaccessible yesterday. In a phone interview with The STAR, Roy Espiritu of the Information and Communications Technology Office confirmed that a number of government sites had been under distributed denial of service (DDoS) attack since Monday.
However, he said that “critical” government websites are “secure.” Espiritu said government websites are in the process of migrating to more secure servers as mandated by Administrative Order 39, signed by the President in July, which establishes a Government Web Hosting Service. The service seeks to “ensure the government’s Internet presence around the clock under all foreseeable conditions.” Earlier, Espiritu said they were looking into incorporating security measures to beef up the defenses of government websites.

A DDoS attack aims to shut down an Internet site by flooding it with access requests and overloading the capacity of the servers handling it. Websites affected by a successful DDoS attack are inaccessible to legitimate users who wish to view their content. The Official Gazette website is fronted by CloudFlare, which filters traffic by checking the integrity of visitors’ browsers and looking for known threat signatures before requests reach the site. The impact of a DDoS attack depends on the volume of requests hitting the site at the same time, and Espiritu earlier said that even the most secure websites can be affected by such attacks. In 2010, the websites of Visa and MasterCard were affected by a DDoS attack mounted by supporters of the whistle-blower organization WikiLeaks. A DDoS attack differs from an intrusion, in which an attacker gains access to the site’s own systems, for instance with the password of a legitimate administrator.

Investigation

According to Espiritu, an investigation will be conducted to determine the people behind the attacks on government websites. He said those behind the attacks may be charged under the e-Commerce law, since shutting down the websites deprived the public of information it needs from the government. On Monday, the website of the Office of the Ombudsman was defaced by people claiming to be members of Anonymous Philippines.
The latest cyber attacks on government websites came amid issues involving alleged misuse of the Priority Development Assistance Fund and the Disbursement Acceleration Program of the legislative and the executive, respectively. In August, various government sites were hacked during the Million People March attended by thousands in Luneta. Previous attacks happened during the height of discussions on various issues such as the passage of the Cybercrime Prevention Law and the territorial dispute with China.

Worldwide protest

The Million Mask March is an event that will be held in various locations around the globe today “to remind this world what it has forgotten. That fairness, justice, and freedom are more than just words.” According to its official Facebook page, the march will cover various topics including government, education reform, constitutional rights, freedom, unity, drug abuse, respect for all, corruption, nutrition and health and violence among children, among others. Based on the events page of the Million Mask March-Philippines, over 1,000 Facebook users have confirmed attendance in today’s march. A post by an Anonymous member said participants will meet at the Quezon Memorial Circle at 8 a.m. to discuss the activities for the day. The march will start in front of the Sandiganbayan along Commonwealth Avenue and proceed to Batasang Pambansa. In a text message to The STAR, Quezon City department of public order and safety chief Elmo San Diego said they had received no application for a permit to hold a rally or a march near Batasang Pambansa today. The Anonymous member reminded participants not to bring any form of weapon, adding that the event will be held to show the public’s reaction to the mishandling of the government committed by people in power.
The Department of Science and Technology (DOST) Information and Communications Technology Office yesterday underscored the need to fast-track efforts to set up a more secure government website hosting facility following the latest hacking of government websites. The websites of the Insurance Commission, the Southern Philippines Development Authority, the Optical Media Board and the local government units of Bolinao, Pasig City, Pateros and the municipality of Basnud, Oriental Mindoro were defaced by members of Anonymous Philippines. Source: http://www.philstar.com/headlines/2013/11/05/1253167/palace-act-vs-hackers

Read More:
Anonymous Philippines hack and DDoS Government sites

Application-layer DDoS attacks are becoming increasingly sophisticated

The number of DDoS (distributed denial-of-service) attacks that target weak spots in Web applications, in addition to network services, has risen during the past year, and attackers are using increasingly sophisticated methods to bypass defenses, according to DDoS mitigation experts.

Researchers from Incapsula, a company that provides website security and DDoS protection services, recently mitigated a highly adaptive DDoS attack against one of its customers that went on for weeks and combined network-layer with application-layer (Layer 7) attack techniques. The target was a popular trading site belonging to a prominent player in a highly competitive online industry, and it was one of the most complex DDoS attacks Incapsula has ever had to deal with, the company’s researchers said in a blog post. The attack started soon after an ex-partner left the targeted company, and the attackers appeared to have intimate knowledge of the weak spots in the target’s infrastructure, suggesting that the two events might be connected, the researchers said.

The attack began with volumetric SYN floods designed to consume the target’s bandwidth. It then progressed to HTTP floods against resource-intensive pages, against special AJAX objects that supported some of the site’s functions, and against Incapsula’s own resources. The attackers then switched to DDoS bots capable of storing session cookies, in an attempt to bypass a mitigation technique that uses cookie tests to determine whether requests come from real browsers; the ability to store cookies is usually a feature of full-fledged browsers, not DDoS tools. As Incapsula kept blocking the different attack methods, the attackers kept adapting, and eventually they started flooding the website with requests sent by real browsers running on malware-infected computers. “It looked like an abnormally high spike in human traffic,” the Incapsula researchers said.
“Still, even if the volumes and behavioral patterns were all wrong, every test we performed showed that these were real human visitors.” This real-browser attack was being launched from 20,000 computers infected with a variant of the PushDo malware, Incapsula later discovered. When the attack first started, however, the company had to fall back temporarily on a last-resort mitigation technique: serving CAPTCHA challenges to users who matched a particular configuration. The company learned that a PushDo variant capable of opening hidden browser instances on infected computers was behind the attack after a bug in the malware caused the rogue browser windows to be displayed on some computers, leading users to notice Incapsula’s block pages in those browsers and contact the company with questions. “This is the first time we’ve seen this technique used in a DDoS attack,” said Marc Gaffan, co-founder of Incapsula.

The challenge with application-layer attacks is distinguishing human traffic from bot traffic, so DDoS mitigation providers often use browser fingerprinting techniques such as cookie tests and JavaScript tests to determine whether requests come from real browsers. Launching DDoS attacks from hidden but real browser instances on infected computers makes this kind of detection very hard. “We’ve been seeing more and more usage of application-layer attacks during the last year,” Gaffan said, adding that evasion techniques are also adopted rapidly. “There’s an ecosystem behind cybercrime tools and we predict that this method, which is new today, will become mainstream several months down the road,” he said. DDoS experts from Arbor Networks, another DDoS mitigation vendor, agree that there has been a rise in both the number and sophistication of Layer 7 attacks.
Some papers released this year describe advanced Layer 7 attack techniques that can bypass DDoS mitigation capabilities, and the bad guys are now catching on to them, said Marc Eisenbarth, manager of research for Arbor’s Security Engineering and Response Team. There is general chatter among attackers about bypassing detection, and they are doing it with headless browsers (browser toolkits that have no user interface) or by opening hidden browser instances, Eisenbarth said. In addition, any malware with man-in-the-browser functionality, capable of injecting requests into existing browsing sessions, can also be used for DDoS, he said.

Layer 7 attacks have become more targeted, with attackers routinely performing reconnaissance to find the weak spots in the applications they plan to attack. These weak spots can be resource-intensive libraries or scripts that result in many database queries. This behavior was observed during the attacks against U.S. banking websites a year ago, when attackers chose to target the sites’ log-in services because they realized they could cause significant problems if users were prevented from logging in, Eisenbarth said. “We continued to see attackers launch those type of attacks and perform reconnaissance to find URLs that, when requested, may result in a lot of resource activity on the back end,” he said.

More and more companies are putting together DDoS protection strategies, but these are focused mainly on network-layer attacks, Gaffan said. They look at things like redundancy or how much traffic their DDoS mitigation solution can absorb, but they should also consider whether they can resist application-layer attacks, because these can be harder to defend against than volumetric attacks, he said.
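As an added illustration, not code from Incapsula or Arbor, the following sketch shows the two gates described above: a cookie challenge that turns away tools which cannot hold a cookie, and a per-client limit on the resource-intensive URLs that catches the cookie-capable bot or hidden browser the cookie test lets through. The cookie name, the secret, the set of expensive paths, the thresholds and the three simulated clients are all assumptions made for the example.

```python
"""Layer 7 mitigation sketch: HMAC cookie challenge plus a behavioural limit on
resource-intensive URLs. Added example with constructed traffic; not code from
Incapsula or Arbor Networks.
"""
import hashlib
import hmac
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

CHALLENGE_COOKIE = "mitig_chk"   # assumption: any cookie name works


def issue_challenge(secret: bytes, client_ip: str, now: float, ttl: int = 600) -> str:
    """Mint a cookie value bound to the client address and an expiry time."""
    exp = int(now) + ttl
    mac = hmac.new(secret, f"{client_ip}|{exp}".encode(), hashlib.sha256).hexdigest()
    return f"{exp}.{mac}"


def verify_challenge(secret: bytes, cookie: Optional[str], client_ip: str, now: float) -> bool:
    """True only if the cookie was minted by us, for this address, and is unexpired."""
    if not cookie or "." not in cookie:
        return False
    exp_s, mac = cookie.split(".", 1)
    if not exp_s.isdigit() or int(exp_s) < now:
        return False
    expected = hmac.new(secret, f"{client_ip}|{exp_s}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())


class Layer7Mitigator:
    """Per request returns "challenge" (set cookie, serve no content), "allow",
    or "captcha" (too many hits on expensive URLs from one client in the window)."""

    def __init__(self, secret: bytes, expensive_paths, window: float = 60.0,
                 max_expensive: int = 30):
        self.secret = secret
        self.expensive = set(expensive_paths)   # assumption: found by app review/recon
        self.window = window
        self.max_expensive = max_expensive
        self._hits: Dict[str, List[float]] = defaultdict(list)  # in-memory; one node only

    def handle(self, req: dict) -> Tuple[str, Optional[str]]:
        ip, ts, path = req["ip"], req["ts"], req["path"]
        cookie = req.get("cookies", {}).get(CHALLENGE_COOKIE)
        if not verify_challenge(self.secret, cookie, ip, ts):
            # Gate 1: a flood tool that cannot store cookies never reaches the app.
            return "challenge", issue_challenge(self.secret, ip, ts)
        if path in self.expensive:
            # Gate 2: a cookie proves nothing against a real or headless browser
            # under attacker control, so rate-limit the costly URLs per client.
            recent = [t for t in self._hits[ip] if t > ts - self.window]
            recent.append(ts)
            self._hits[ip] = recent
            if len(recent) > self.max_expensive:
                return "captcha", None
        return "allow", None


def run_clients(mitigator: Layer7Mitigator, clients: List[dict]) -> Dict[str, Dict[str, int]]:
    """Replay constructed clients ({ip, stores_cookies, requests: [(ts, path)]})
    and return per-client counts of each decision."""
    summary: Dict[str, Dict[str, int]] = {}
    for c in clients:
        jar: Dict[str, str] = {}
        counts: Dict[str, int] = defaultdict(int)
        for ts, path in c["requests"]:
            req = {"ip": c["ip"], "ts": ts, "path": path, "cookies": dict(jar)}
            decision, cookie = mitigator.handle(req)
            counts[decision] += 1
            if decision == "challenge" and c["stores_cookies"] and cookie:
                jar[CHALLENGE_COOKIE] = cookie      # a real browser retries with the cookie
                decision, _ = mitigator.handle({**req, "cookies": dict(jar)})
                counts[decision] += 1
        summary[c["ip"]] = dict(counts)
    return summary


def sample_clients(t0: float = 1_700_000_000.0) -> List[dict]:
    """Constructed traffic: a shopper, a dumb flood tool, and a cookie-capable
    bot (or hidden browser) hammering the login URL."""
    shopper = {"ip": "203.0.113.5", "stores_cookies": True,
               "requests": [(t0, "/"), (t0 + 5, "/search"), (t0 + 30, "/login"), (t0 + 60, "/cart")]}
    flood_tool = {"ip": "198.51.100.7", "stores_cookies": False,
                  "requests": [(t0 + i * 0.2, "/login") for i in range(200)]}
    cookie_bot = {"ip": "198.51.100.8", "stores_cookies": True,
                  "requests": [(t0 + i * 0.5, "/login") for i in range(100)]}
    return [shopper, flood_tool, cookie_bot]


def demo() -> Dict[str, Dict[str, int]]:
    mitigator = Layer7Mitigator(b"rotate-me-per-deployment",   # assumption: deployment secret
                                expensive_paths={"/login", "/search", "/api/quote"})
    return run_clients(mitigator, sample_clients())


if __name__ == "__main__":
    for ip, counts in demo().items():
        print(ip, counts)
```

The shopper is challenged once and then served; the flood tool is challenged on every request and never touches the application; the cookie-capable bot passes the cookie gate but trips the expensive-URL limit after 30 hits in the window and gets a CAPTCHA, which is the point the article makes: cookie and JavaScript tests are a first filter, not a verdict. A real deployment needs the hit counters shared across mitigation nodes, and binding the cookie to the client address will challenge NATed users more often.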
With application-layer attacks there is an ongoing race between attackers coming up with evasion techniques and DDoS mitigation vendors or the targeted companies coming up with remedies, until the next round, Gaffan said. Because of that, both companies and DDoS mitigation providers need a very dynamic strategy, he said. “I think we will continue to see an evolution in the sophistication of application-layer attacks and we will see more and more of them,” Gaffan said. They won’t replace network-layer attacks but will be used in combination with them, he said. Having Layer 7 visibility is very important, and companies should consider technologies that can provide it, Eisenbarth said. In addition, they should perform security audits and performance tests of their Web applications to see what kind of damage an attacker could do to them, he said. Source: http://www.pcworld.com/article/2056805/applicationlayer-ddos-attacks-are-becoming-increasingly-sophisticated.html

Link:
Application-layer DDoS attacks are becoming increasingly sophisticated