Tag Archives: operation

DDoS attacks: Cops cuff 12 British suspects in pre-Xmas clampdown

Nationwide arrests bring in number of alleged repeat offenders—mostly young men. Twelve people—almost all of whom are men under the age of 30—have been arrested in the past week on suspicion of repeatedly performing direct denial of service attacks, in a crackdown spearheaded by the National Crime Agency. Cops working on Operation Vulcanalia targeted more than 60 individuals believed to have paid as little as £4 to use a DDoS suite called Netspoof, resulting in 12 arrests, 30 cease-and-desist notices, 11 suspects having computer equipment seized, and two cautions. The arrests were mostly among alleged repeat offenders, with the aim being to discourage rather than punish first-timers. Netspoof subscription packages cost between £4 and £380, and some customers had paid more than £8,000 “to launch hundreds of attacks”—the specific sites they attacked, however, weren’t revealed by the NCA. Victims were said to include “gaming providers, government departments, Internet hosting companies, schools, and colleges.” The agency said: “Where cybercrime has largely been seen as being committed by hackers with technical skills, stresser services allow amateurs—sometimes motivated by a grudge—to launch attacks easily and with little or no specialist knowledge.” The operation was run nationwide, with the NCA supported by officers working for Regional Organised Crime Units (ROCUs). It was part of a wider push by Europol, named Operation Tarpit, during a “week of action” which was also coordinated with law enforcement agencies in the US and Australia. Senior investigating officer Jo Goodall, who works at the NCA’s National Cyber Crime Unit, said the problem posed by DDoS attacks is “truly global” in scale. “These attacks pose a huge economic cost to the economy. It is not a victimless crime,” she said. “It requires worldwide co-operation which we have seen on this job with the focus on arresting those who won’t change their ways, and trying to prevent those who will from future offending.” A survey by cyber security specialists Kaspersky Lab and researchers B2B International—cited by the NCA—which talked to more than 4,000 small and medium firms and 1,000 large businesses, found that an attack can cost more than £1.3 million for large firms and approximately £84,000 for smaller companies. Europol’s Steven Wilson said: “Many IT enthusiasts get involved in seemingly low-level fringe cyber crime activities from a young age, unaware of the consequences that such crimes carry. “One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path.” Roughly 30 percent of UK businesses reported a DDoS attack last year, the NCA said. Of the agency’s twelve arrests, only one so far has led to an unnamed, 27-year-old male suspect from Hamilton, Scotland being charged under the Computer Misuse Act. Source: http://arstechnica.co.uk/tech-policy/2016/12/ddos-attacks-cops-cuff-12-british-suspects-pre-xmas-clampdown/

View post:
DDoS attacks: Cops cuff 12 British suspects in pre-Xmas clampdown

How the ‘Internet of unpatchable things’ leads to DDoS attacks

For at least the past year there have been repeated warning to makers of Internet-connected devices about the insecurity of their platforms. Another came today in a report from Akamai Technologies’ threat research team, which has delved into a recent burst of distributed attacks leveraging IoT devices. In this case they are SSHowDowN Proxy attacks using a 12-year old vulnerability in OpenSSH. “We’re entering a very interesting time when it comes to DDoS and other web attacks — ‘The Internet of Unpatchable Things’ so to speak,” Eric Kobrin, Akamai’s director of information security, said in a statement. “New devices are being shipped from the factory not only with this vulnerability exposed, but also without any effective way to fix it. We’ve been hearing for years that it was theoretically possible for IoT devices to attack. That, unfortunately, has now become the reality.” Akamai emphasizes this isn’t a new vulnerability or attack technique. But it does show a continued weakness in many default configurations of Internet-connected devices. These particular attacks have leveraged video surveillance cameras and digital recorders, satellite antenna equipment, networking devices (including routers, switches, Wi-Fi hotspots and modems) and Internet-connected network attached storage. They are being used to mount attacks on any Internet targets as well as internal networks that host connected devices. Unauthorized SSH tunnels were created and used, despite the fact that the IoT devices were supposedly hardened and do not allow the default web interface user to SSH into the device and execute commands, Akamai said. Then attackers used to conduct a mass-scale HTTP-based credential stuffing campaigns against Akamai customers. It offers this mitigation advice to infosec pros: –if possible configure the SSH passwords or keys on devices and change those to passwords or keys that are different from the vendor defaults; –configure the device’s SSH service on your device and either add “AllowTcpForwarding No” and “no-port-forwarding” and “no-X11-forwarding” to the ~/ssh/authorized_ keys file for all users, or disable SSH entirely via the device’s administration console; –if the device is behind a firewall, consider disabling inbound connections from outside the network to port 22 of any deployed IoT devices, or disabling outbound connections from IoT devices except to the minimal set of ports and IP addresses required for their operation. Source: http://www.itworldcanada.com/article/how-the-internet-of-unpatchable-things-leads-to-ddos-attacks/387275

Originally posted here:
How the ‘Internet of unpatchable things’ leads to DDoS attacks