Tag Archives: power

Get rekt: Two years in clink for game-busting DDoS brat DerpTrolling

It’s all lulz until someone goes to prison Austin Thompson, aka DerpTrolling, who came to prominence in 2013 by launching Distributed Denial of Service (DDoS) attacks against major video game companies, has been sentenced to 27 months in prison by a federal court .…

Read more here:
Get rekt: Two years in clink for game-busting DDoS brat DerpTrolling

Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud

Also: Belarus barely brushes botnet builder’s bankroll Another week has come and gone. This one included some Fortnite flaws , a nasty Intel bug , and a voting machine maker whining about hacking contests.…

More:
Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud

Top tip, hacker newbs: Don’t use the same Skype ID for IoT bot herding and job ads

To be fair, the kid is only 13 A teenage tearaway with a passion for building botnets was apparently caught using the same Skype ID he used for hacking activities when applying for jobs.…

See the original article here:
Top tip, hacker newbs: Don’t use the same Skype ID for IoT bot herding and job ads

DDoS attacks have gone from a minor nuisance to a possible new form of global warfare

“In principle, most of the denial-of-service attacks we see have no solution,” a security expert, Peter Neumann of SRI International, told the New York Times at the time. “The generic problem is basically unsolvable.” It still is. Twenty years on, DDoS attacks have increased exponentially in size, and vast swathes of the internet remain vulnerable. Experts say the proliferation of new but vulnerable connected devices, such as thermostats and security cameras, as well as the architecture of the internet itself, mean DDoS attacks will be with us for the foreseeable future. And rather than a mere annoyance that takes your favorite websites offline, they are starting to become a serious threat. According to Arbor Networks, an internet monitoring company that also sells DDoS protection, the volume of global DDoS attacks has grown by more than 30 times between 2011 and 2014. The attacks are also getting more intense. A string of them in September and October, which set records in terms of the volume of traffic (in gigabits per second, or Gbps) in each attack, proved that DDoS can overwhelm the internet’s best defenses. Among those they took down or threatened were a hosting service, a domain-name services provider (whose clients, including Twitter and Spotify, thus became inaccessible across entire regions of the US), a major content-delivery network, and the internet’s best-known blogger on security matters, Brian Krebs.  These are the most powerful DDoS attacks each year, by Arbor Networks’ count.   The September and October attacks are thought to have been carried out using Mirai, a piece of malware that allows hackers to hijack internet-connected devices such as security cameras. These are often sold with weak default passwords that their users don’t bother (or know how) to change. Mirai tracks them down, takes them over, and incorporates them into a “botnet” that launches DDoS attacks as well as finding and infecting other devices. Botnets aren’t new, but Mirai takes them to a new level, argues a recent paper (pdf) from the Institute of Critical Infrastructure Technology (ICIT), a research group. It’s a “development platform” for hackers to customize, the researchers say; the code was made public on a hacker forum, and people are free to innovate and build on it. In the past couple of months it’s thought to have been used to cripple the heating systems of two residential buildings in Finland and the online services of several Russian banks. The researchers speculate that hackers could tailor Mirai to do far bigger damage, such as bringing down a power grid. In September, security expert Bruce Schneier pointed to evidence that a large state actor—China or Russia, most likely—has been testing for weak points in companies that run critical parts of American internet infrastructure. It’s not outlandish to imagine that in the future, DDoS attacks powered by something like Mirai, harnessing the vast quantity of weakly secured internet-connected gadgets, could become part of a new kind of warfare. At the moment, the main defense against a DDoS attack is sheer brute force. This is what hosting companies offer. If a client suffers a DDoS attack, the hosting provider simply assigns more servers to soak up the flood of traffic. But as the latest attacks have shown, the power of botnets is simply growing too fast for even the biggest providers to defend against. There is a fix that would prevent a common type of DDoS attack—a “reflection” attack. This is where a hacker sends messages out to a botnet that seem to come from the target’s IP address (like sending an email with a fake reply-to address), causing the botnet to attack that target. The proposed fix, a security standard known as BCP38, which would make such fake return addressing impossible, has been available for 16 years. If all the ISPs on the internet implemented BCP38 on their routers, the most powerful DDoS attacks would be far more difficult to launch.  But the sheer number of networks and ISPs on the internet makes this idea wishful thinking, says Steve Uhlig, of London’s Queen Mary University, who specializes in the internet’s routing protocols.”Remember that the internet is made of more than 50,000 networks,” he says. If the most important and influential networks implement the fix, but the countless smaller operators don’t, DDoS attacks can continue to exploit spoofing. “Larger networks in the [internet core] can and do filter,” he says, “But they reduce the attacks by only a limited amount.” The internet’s decentralized design is what gives it its strength. But it’s also the source of what is rapidly becoming its biggest weakness. Source: http://qz.com/860630/ddos-attacks-have-gone-from-a-minor-nuisance-to-a-possible-new-form-of-global-warfare/

See more here:
DDoS attacks have gone from a minor nuisance to a possible new form of global warfare

Justice Charges Hackers From Lizard Squad, PoodleCorp

Two teenagers face charges from the U.S. Justice Department for allegedly being members of well-known hacking groups Lizard Squad and PoodleCorp. On Thursday (Oct. 6), Krebs on Security reported that the pair have been charged with credit card theft and operating services that enabled paying customers to launch cyberattacks with the intention of knocking websites offline. The two 19-year-olds, Zachary Buchta and Bradley Jan Willem van Rooy, are believed to have conspired to cause damage to protected computers. “The charges are the result of an international investigation into the computer hacking groups ‘Lizard Squad’ and ‘PoodleCorp,’ according to a criminal complaint and affidavit filed in U.S. District Court in Chicago,” a statement from the U.S. Attorney’s Office for the Northern District of Illinois said. “Buchta and van Rooy allegedly conspired with others to launch destructive cyberattacks around the world and trafficked payment accounts that had been stolen from unsuspecting victims in Illinois and elsewhere,” it continued. Last year, the U.K.’s National Crime Agency (NCA) arrested six teenagers for allegedly attempting to access a tool used by the Lizard Squad hacker group. Just days after those arrests were made, the NCA itself was taken down by a targeted cyberattack. The NCA’s website was down for more than an hour and was the target of a distributed denial-of-service (DDoS) attack. In DDoS attacks, hackers bombard a targeted website with an overflow of data, eventually causing the entire network to crash. Lizard Squad took to Twitter shortly after the attack to take credit for the site shutdown. The group also gained press last year for supposedly launching a new business venture that allows anyone to join its security-breaching ways for a low cost of $6 a month. The subscription service known as LizardStresser allows subscribers to obtain a distributed denial-of-service attack tool. “This booter is famous for taking down some of the world’s largest gaming networks, such as Xbox Live, Playstation Network, Jagex, BattleNet, League of Legends and many more!” the LizardStresser homepage boasted at the time. “With this stresser, you wield the power to launch some of the world’s largest denial-of-service attacks.” Source: http://www.pymnts.com/news/security-and-risk/2016/hackers-from-lizard-squad-poodlecorp-arrested/

Visit link:
Justice Charges Hackers From Lizard Squad, PoodleCorp

DDOS attacks: An old nemesis returns to cripple your network

Once considered a cybersecurity threat of the past, Distributed Denial of Service (DDoS) attacks have re-emerged with a vengeance. DDoS attacks are wreaking havoc on enterprises and end users with alarming frequency. Distributed Denial of Service is a cyberattack where multiple systems are compromised, often joined with a Trojan, and used to target a single system to exhaust resources so that legitimate users are denied access to resources. Websites or other online resources become so overloaded with bogus traffic that they become unusable. A well-orchestrated DDoS carried out by automated bots or programs has the power to knock a website offline. These attacks can cripple even the most established and largest organisations. An e-commerce business can no longer conduct online transactions, jeopardising sales. Emergency response services can no longer respond, putting lives in danger. According to the VeriSign Distributed Denial of Service Trends Report, DDoS activity increased by 85 percent in one year. The report also suggested that cyber attackers are beginning to hit targets repeatedly, with some organisations the target of DDoS attacks up to 16 times in just three months. If you think your organisation is obscure and can fly under the cyber attacker radar – forget it. Every industry is vulnerable. If an increase in attacks isn’t troubling enough, the size and the amount of damage DDoS attacks can do is also disturbing. The fastest flood attack detected by Verisign occurred during the fourth quarter of 2015, targeting a telecommunications company by sending 125 million packets per second (Mpps), and driving a volumetric DDoS attack of 65 gigabits per second (Gbps). The end result – the site imploded and was temporarily knocked out of service. Why DDos attacks are back in vogue The reason why DDoS attacks are back is simple – it is relatively easy to launch a sustained attack and cripple any organisation connected to the Internet. Botnets, a group of computers connected for malicious purposes, can actually be acquired as a DDoS for hire service. The ability to acquire destructive assets demonstrates how easy it is for someone with little technical knowledge to attack any organisation. DDoS attacks typically hit in three ways – Application Order, Volumetric, and Hybrid. Application orders cripple networks by potentially creating hundreds of thousands of connections at a time; volumetric attacks seek to overload a site with traffic; hybrid attacks can deliver the double whammy of knocking a business offline. The real danger of DDoS attacks is that they are often an end around. While technicians are pre-occupied with trying to get the website back up, attackers can often plant a backdoor in others areas of the network to eventually steal information. How to prevent DDoS attacks Prevention is nearly impossible, since there is no effective control of hackers in the outside world. A DDoS appliance protecting the Internet connection is the first line of defence. This will help to mitigate an attack. Appliances from vendors such as Fortinet or Radware are placed on customer premise as close to their Internet edge as possible. These devices can help to identify and block most DDoS traffic. However, this solution falls short with a DDoS attack that is attempting to flood Internet circuits. The only way to protect against this type of attack is to have a device at the service provider or in the cloud. A managed security services provider (MSSP) can offer on-demand services that are both cost effective and architected with a cloud focus in mind, in order to effectively protect against each type of attack. A number of companies offer tools to analyse network traffic for signs of malicious activity, which can often weed out unwanted network connections. Infrastructure Access Control Lists (IACLs) can also be installed in routers and switches to detect suspicious traffic patterns and keep unwanted traffic off servers. Many companies believe they can thwart attacks by hiding behind a firewall, but these general purpose tools are typically the first to fall. Firewalls offer some protection, but they can be easily hacked. Organisations expose themselves to attack when they use technology as a crutch. Winning the DDoS war requires organisations to look at their operations as a critical network and seek ways to defend it with talented individuals and technology that stay one step ahead of the attackers. A firewall is important but not a panacea. The major drawback to do-it-yourself solutions is that they are reactive. Attackers can easily modify their methods and come at a business from disparate sources using different vectors. This keeps an organisation always in a defensive position, having to repeatedly deploy additional configurations, while simultaneously attempting to recover from any downtime events. Many organisations have limited expertise and resource bandwidth to deal with the complexities of security and compliance. Managed security services providers with the ability to monitor, manage and protect control systems fill that cybersecurity gap. Detecting a DDoS attack requires specialised hardware capable of sending alerts via email or text. The goal is to report and respond to the incident before the attacker makes resources unavailable. An MSSP who employs both technology and on-site personnel can monitor and act as a full operations team. If a DDoS attack is suspected, it is probably affecting the ISP as well. The security team should immediately contact the ISP to see if they can detect a DDoS attack and re-route traffic. Inquire whether any DDoS protective services are available, and consider a backup ISP as a contingency. DDoS attacks will continue in the future due to the ease of execution. Companies must ensure they are prepared, constantly monitor the network, and have a game plan if an attack is under way. The daily headlines prove that no organisation is immune. With a little foresight it is possible to both thwart an attack and defend against future ones. Source: http://www.itproportal.com/features/ddos-attacks-an-old-nemesis-returns-to-cripple-your-network/

Visit site:
DDOS attacks: An old nemesis returns to cripple your network

Overwatch Servers Went Down After Alleged DDoS Attack

Infamous hacker group Lizard Squad is thought to be at it again, this time taking down Overwatch servers and leaving players unable to join and remain in a session. Over the past week, Blizzard has been experiencing some problems with Battle.net that have made it difficult for players to use the service as intended with games like Overwatch . Now, there’s word that these issues might have been caused by a DDoS attack launched by members of hacker group Lizard Squad. Some users are reporting that they are unable to log in to Battle.net. Others are able to enter, but find themselves kicked out of multiplayer matches in Overwatch for seemingly no reason. Ordinarily, issues like these would be brushed off as being part and parcel of the modern online experience. However, a suspicious tweet from a known Lizard Squad member has led to the group being implicated, according to a report from VG247. The above tweet is being taken as proof that Lizard Squad member AppleJ4ck was involved with the attack. Some Overwatch players responded to his post to vent their annoyance about the situation — to which AppleJ4ck responded, “in a way, I’m doing y’all a favor.” This is not the first time that Lizard Squad has targeted organizations within the video game industry. The group rose to prominence back in 2014, when a coordinated attack brought down the PlayStation Network and Xbox Live over Christmas, causing massive headaches for the companies involved. Of course, the attack was not an unmitigated success for the group, as the high-profile hack made Lizard Squad an immediate target for authorities. Just days later, a 22-year-old alleged to be a part of the organization was the subject of a raid by police in the United Kingdom. However, the strength of a group like Lizard Squad is the fact that they are spread all over the world. Individual members can be found and brought to justice, but it’s difficult to make a concerted attempt to stamp out its activity outright. If the situation is hard on the authorities, then it’s even more challenging for a company like Blizzard. The overwhelming popularity of Overwatch means its hard enough for the company to keep Battle.net afloat at the best of team, never mind when there are hackers on the prowl. Unfortunately, criminal elements like Lizard Squad are part and parcel of the modern online experience. Companies like Blizzard have to take these groups into consideration when operating a service like Battle.net — hackers have the power to ruin the experience for the rest of us, and the only defence is a robust level of security. Source: http://gamerant.com/overwatch-servers-down-ddos-attack-846/

More:
Overwatch Servers Went Down After Alleged DDoS Attack

Unexpectedly benevolent malware improves security of routers, IoT devices

At this point in time, the existence of a botnet comprising of tens of thousands of compromised routers and other IoT devices is not news. Nevertheless, this latest one mapped by researchers is a spec…

Read this article:
Unexpectedly benevolent malware improves security of routers, IoT devices

Shellshock over SMTP attacks mean you can now ignore your email

‘But boss, the Internet Storm Centre says it’s dangerous for me to reply to you’ Yet another round of Shellshock attacks is emerging, according to the SANS Internet Storm Center – this time, botnets are tapping hosts over SMTP.…

View original post here:
Shellshock over SMTP attacks mean you can now ignore your email