Tag Archives: rights

DDoS attacks costly for online companies

Distributed denial of service, or DDoS, attacks can be hugely damaging to companies that rely on their online presence for sales and new business, says DDoS mitigation provider, Prolexic. “All businesses are potentially vulnerable as there are no advance warnings of DDoS attacks, and no way to know if and when your business could be targeted,” says sales and innovation director at DRS, Jayson O’Reilly. “However, if your business is dependent on its Web site to service customers, you should have protocols in place to defend against an attack, should it happen.” O’Reilly states that some businesses are more vulnerable, or more likely to be a target, than others, which is largely industry dependent. Retail, financial services and gaming sites are popular targets. “Businesses should establish the likelihood of attack, or if they have already been a target, what sort of volume of attacks they have experienced. If they have experienced attacks, were these prolonged, or particularly strong? These questions can help a business select a suitable level of DDoS protection,” he says. He adds that businesses that find themselves regular targets, and which have a high dependency on their Web sites for business, should consider a level of protection that comes with high service level agreements. “They should select a DDoS mitigation provider that can have a site back up almost instantaneously, and guarantee uptime. However, this is not a cheap exercise.” There are other, less expensive, options too, according to O’Reilly, which come with a choice of protection levels, guaranteeing protection up to a certain level. “This sort of protection is suitable for businesses that experience low level, less lengthy attacks. However, should an attack happen that is above the protection level the company has paid for, they would be on their own,” O’Reilly says. He says smaller businesses which haven’t yet been hit by a DDoS attack can also follow several steps to better prepare themselves in the event of an attack, adding that companies which use dedicated servers have the option of setting up a backup connection, called an out-of-band (OOB) connection, which is essentially a backup path in case of network communication failure. “In the event of the usual network becoming inaccessible, the businesses can use the OOB connection to access the server instead. A hosting provider can add an OOB connection, and at a price that won’t break the bank.” O’Reilly says network monitoring can also be a big help. “A network monitoring system that can pick up anomalous behaviour, such as sudden spikes, can act as an early warning system for a DDoS attack.” Additionally, he advises companies to be aware of where they are most vulnerable, in order to keep an eye on those points, and strengthen them wherever possible. “Add alerts for your weak points, and put plans in place to upgrade the security on these points,” he concludes. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=69922:DDoS-attacks-costly-for-online-companies&catid=69

View article:
DDoS attacks costly for online companies

Steam, Blizzard and EA hit by DDoS attacks

There’s something about the new year that gets hackers all excited as the DDoS attacks continue. The last major attack was on 31 December with DERP unleashing their DDoS on World of Tanks, EA, Blizzard, League of Legends and DOTA 2.It looks like the hangovers have worn off as once again they hit EA and Battlefield 4 servers. EA hopped on the case with a response. In what may have been a response to that, we have no idea what’s behind their thinking with all this, another group decided Steam should be the target. We are still seeing reports that Steam is still having issues despite the attack apparently having stopped. And then it was on to BattleNet… All this is being done for shits and giggles but really achieves nothing other than annoy gamers and cause some temporary headaches for server admins. The novelty will probably wear off in a few days but as the individuals involved are being encouraged by Twitter followers expect more outages. Source: http://www.incgamers.com/2014/01/steam-blizzard-ea-hit-ddos-attacks

Continue Reading:
Steam, Blizzard and EA hit by DDoS attacks

Lessons From 5 Advanced Attacks Of 2013

Distributed denial-of-service attacks targeted application and business-logic weaknesses to take down systems; fraudsters used encryption to scramble victims’ data until they paid a ransom; and, attackers increasingly targeted providers as a weak link in the chain of the digital security protecting businesses. In 2013, there were no major revolutions in the way that attackers compromised, cut off, or just plain inconvenienced their victim’s systems, but their techniques and tactics evolved. From more pernicious encryption in ransomware to massive DDoS attacked fueled by reflection, attackers showed that they still had options available in their bag of tricks. “As the criminals have become more savvy and more technically knowledgable and understand the victims’ environments better, they are able to see opportunities that they might otherwise overlook,” says Jeff Williams, director of security strategy for the counter threat unit at Dell SecureWorks, a managed security provider. Based on interviews with experts, here are five advanced attacks from 2013 and the lessons for businesses from those events. 1. Cryptolocker and the evolution of ransomware While many attackers create botnets to steal data or use victim’s machines as launching points for further attacks, a specialized group of attackers have used strong-arm tactics to extort money from victims. In the past, most of these types of attacks, referred to as ransomware, have been bluffs, but Cryptolocker, which started spreading in late summer, uses asymmetric encryption to lock important files. The group behind Cryptolocker has likely infected between 200,000 and 250,000 computers in the first hundred days, according to researchers at Dell SecureWorks. Based on the number of payments made using Bitcoin, the company conservatively estimated that 0.4 percent of victims paid the attackers, but it is likely many times more than minimum take of $240,000, the company stated in an analysis. “What sets it apart is not just the size and the professional ability of the people behind it, but that–unlike most ransomware, which is a bluff–this one actually destroys your files, and if you don’t pay them, you lose the data,” says Keith Jarvis, senior security researcher with Dell SecureWorks. Companies should expect ransomware to adopt the asymmetric-key encryption strategy employed by the Cryptolocker gang. 2. New York Times “hack” and supplier insecurity The August attack on The New York Times and other media outlets by the Syrian Electronic Army highlighted the vulnerability posed by service providers and technology suppliers. Rather than directly breach the New York Times’ systems, the attackers instead fooled the company’s domain registrar to transfer the ownership of the nytimes.com and other media firms’ domains to the SEA. The attack demonstrated the importance of working with any suppliers that could be a “critical cog” in a company’s security strategy, says Carl Herberger, vice president of security solutions for Radware, a network security firm. “You need to have real-time, critical knowledge from your service providers to determine whether they are being attacked and whether you are the intended victim of that attack,” says Herberger. 3. Bit9 and attacks on security providers In February, security firm Bit9 revealed that its systems had been breached to gain access to a digital code-signing certificate. By using such a certificate, attackers can create malware that would be considered “trusted” by Bit9?s systems. The attack, along with the breach of security company RSA, underscore that the firms whose job is to protect other companies are not immune to attack themselves. In addition, companies need to have additional layers of security and not rely on any one security vendor, says Vikram Thakur, a researcher with Symantec’s security response group. “The onus resides with the security firm to prevent successful attacks from happening, but when they fail, a victim should have a plan to bolster their defense,” Thakur says. 4. DDoS attacks get bigger, more subtle A number of denial-of-service attacks got digital ink this year. In March, anti-spam group Spamhaus suffered a massive denial-of-service attack, after it unilaterally blocked a number of online providers connected–in some cases tenuously–to spam. The Izz ad-Din al-Qassam Cyberfighters continued their attacks on U.S. financial institutions, causing scattered outages during the year. As part of those attacks and other digital floods, attackers put a greater emphasis on using techniques designed to overwhelm applications. Such application-layer attacks doubled in frequency in the third quarter 2013, compared to the same quarter a year before, according to denial-of-service mitigation firm Prolexic. Reflection attacks, where attackers use incorrectly configured servers to amplify attacks, grew 265 percent in the same period, according to the firm. The attack against Spamhaus, which reportedly topped a collective 300 Gbps, used reflection attacks via open DNS resolvers to generate the massive flood of traffic. “This technique is still an available option for attackers,” says Radware’s Herberger. “Because there are 28 million vulnerable resolvers, and every resolver needs to be fixed, this problem is not going away any time soon.” 5. South Korea and destructive attacks Companies in both the Middle East and South Korea suffered destructive attacks designed to wipe data from computers. In 2012, Saudi Aramco and other companies in the Middle East were targeted with a malicious attack that erased data from machines, causing them to become unrecoverable. This year, South Korean firms were attacked in a similar manner in a multi-vector attack whose finale was the deletion of master boot records on infected computers. While such attacks have happened in the past, they seem to be more frequent, says Dell SecureWorks’ Williams. “The impact of these attacks have been pretty impressive–30,000 machines needed to be rebuilt in the Saudi Aramco case,” he says. Source: http://www.darkreading.com/advanced-threats/lessons-from-five-advanced-attacks-of-20/240165028

View the original here:
Lessons From 5 Advanced Attacks Of 2013

The Changing Trends of DDoS Attacks

Distributed denial-of-service (DDoS) attacks certainly aren’t new. I’ve been talking about them for years. However, they have been changing. The traditional style of attack, the flood-the-target type that crashes a website, is still going strong. But now we are seeing an increase in application-layer attacks that have the same goal: Systems go down, resources are unavailable and the victim is scrambling to fix everything. Recently, Vann Abernethy, senior product manager for NSFOCUS, talked to me about the changing DDoS landscape. Something he has noticed is how DDoS attacks are being used as smokescreens to cover up other criminal activity. He said: In fact, the FBI warned of one such attack type back in November of 2011, which relies upon the insertion of some form of malware. When the attacker is ready to activate the malware, a DDoS attack is launched to occupy defenders. In this case, the DDoS attack is really nothing more than a smokescreen used to confuse the defenses and allow the real attack to go unnoticed – at least initially. Considering that most malware goes undetected for long periods of time, even a small DDoS attack should be a huge red flag that something else may be going on. Abernethy adds that another trend he’s seeing is that the DDoS attack itself may be a bit more sinister. For example, a DDoS attack could be masking a simultaneous attack that is probing for vulnerabilities. He said: It’s like a recon team sent to look at an enemy’s position while they’re under some sort of long-range barrage. In general, basic probing will likely be caught if the victim has even modest security protections. But while under the duress of a DDoS attack, the very systems charged with either blocking or alerting suspicious activity might be under too much strain. Abernethy provides several solutions to protect against these emerging DDoS attack styles. One way is to have multiple teams set up to respond to DDoS attacks. One team would work on the DDoS attacks themselves; another team would be responsible for searching for other possible, hidden attacks. For the trend that involves probing, IT and security departments may want to deploy application security testing, and all applications used by the company should be subjected to the testing. DDoS attacks can be devastating to a company , interrupting vital customer interactions and ruining company reputations. The more we know about them, the better chance we have at protecting the company from any serious damage, if not preventing them altogether. Source: http://www.itbusinessedge.com/blogs/data-security/the-changing-trends-of-ddos-attacks.html

DDoS trojan ferrets SMB data

A new distributed-denial-of-service (DDoS) bot has been discovered targeting real estate companies and other small and medium-sized businesses. Arbor Networks researcher Dennis Schwarz found the malware after receiving a tip-off from a Twitter user. A relatively small number of unique samples and command and control servers were uncovered, making it difficult to judge just how dangerous the new threat could be. These samples are written in the Delphi programming language but most likely originate from Russia, said Schwarz, who added that the bot’s self-preservation tools include UPX packing, string obfuscation, anti-virtual machine, anti-bugging measures, self-modifying code and process hollowing. Command and control is done over HTTP. The analyst firm has a ‘fairly complete picture’ of what the bot represents, but admitted concerns on how Trojan.Ferret is being distributed. “Trojan.Ferret is a new Russian DDoS bot. It stood out to me due to the silly ferret theme and that we have a fairly complete picture of it,” said Schwarz, adding that the company had tracked a sample of bot, the C&C panel view and live C&C traffic. “It is a traditional DDoS bot focusing on the ‘core’ set of DDoS attacks, such as HTTP, UDP and TCP. It lacks the common application layer attacks such as Slowloris, Apache Killer, and RUDY. “A major missing component that we’re unsure of is how this particular Trojan is being distributed–whether by exploit kit, malware-laced spam, or via one of the many ‘dropper/downloader’ networks.” Schwarz said that the Trojan is targeting the UK, the US, Germany, Russia and the Netherlands, as well as Kazakhstan, and said that attacks have hit property companies, an electronics shop, a wedding dress shop and even a politician in Panama. Malwarebytes malware intelligence analyst Adam Kujawa said the information security industry is still coming to grips with the threat posed by the new DDoS bot. “It is likely of Russian origin, uses an array of specialised malware tricks to hide it from detection and of course is used as a DDOS bot,” said Kujawa. “Ferret will infect as many systems as it can to recruit them into the Botnet and then use each of those systems to attack a single server at the same time,” he added, commenting, “A single system cannot perform a successful DDOS attack but a botnet of thousands can.” Source: http://www.scmagazine.com.au/News/368168,ddos-trojan-ferrets-smb-data.aspx

Continue Reading:
DDoS trojan ferrets SMB data

New DDoS malware targets Linux and Windows systems

Attackers are compromising Linux and Windows systems to install a new malware program designed for launching distributed denial-of-service (DDoS) attacks, according to researchers from the Polish Computer Emergency Response Team (CERT Polska). Attackers are compromising Linux and Windows systems to install a new malware program designed for launching distributed denial-of-service (DDoS) attacks, according to researchers from the Polish Computer Emergency Response Team (CERT Polska). The malware was found by the Polish CERT at the beginning of December and the Linux version is being deployed following successful dictionary-based password guessing attacks against the SSH (Secure Shell) service. This means only systems that allow remote SSH access from the Internet and have accounts with weak passwords are at risk of being compromised by attackers distributing this malware. “We were able to obtain a 32-bit, statically linked, ELF file,” the Polish CERT researchers said Monday in a blog post. The executable runs in daemon mode and connects to a command-and-control (C&C) server using a hard-coded IP (Internet Protocol) address and port, they said. When first run, the malware sends operating system information — the output of the uname command — back to the C&C server and waits for instructions. “From the analysis we were able to determine that there are four types of attack possible, each of them a DDoS attack on the defined target,” the researchers said. “One of the possibilities is the DNS Amplification attack, in which a request, containing 256 random or previously defined queries, is sent to a DNS server. There are also other, unimplemented functions, which probably are meant to utilize the HTTP protocol in order to perform a DDoS attack.” While executing an attack, the malware provides information back to the C&C server about the running task, the CPU speed, system load and network connection speed. A variant of the DDoS malware also exists for Windows systems where it is installed as “C:Program FilesDbProtectSupportsvchost.exe” and is set up to run as a service on system start-up. Unlike the Linux version, the Windows variant connects to the C&C server using a domain name, not an IP address, and communicates on a different port, according to the Polish CERT analysis. However, the same C&C server was used by both the Linux and Windows variants, leading the Polish CERT researchers to conclude that they were created by the same group. Since this malware was designed almost exclusively for DDoS attacks, the attackers behind it are likely interested in compromising computers with significant network bandwidth at their disposal, like servers. “This also probably is the reason why there are two versions of the bot — Linux operating systems are a popular choice for server machines,” the researchers said. However, this is not the only malware program designed for Linux that was identified recently. A security researcher from the George Washington University, Andre DiMino, recently found and analyzed a malicious bot written in Perl after allowing attackers to compromise one of his honeypot Linux systems. The attackers were trying to exploit an old PHP vulnerability, so DiMino intentionally configured his system to be vulnerable so he could track their intentions. The vulnerability is known as CVE-2012-1823 and was patched in PHP 5.4.3 and PHP 5.3.13 in May 2012, suggesting the attack targeted neglected servers whose PHP installations haven’t been updated in a long time. After allowing his honeypot system to be compromised, DiMino saw attackers deploy malware written in Perl that connected to an Internet Relay Chat (IRC) server used by attackers for command and control. The bot then downloaded local privilege escalation exploits and a script used to perform Bitcoin and Primecoin mining — an operation that uses computing power to generate virtual currency. “Most servers that are injected with these various scripts are then used for a variety of tasks, including DDoS, vulnerability scanning, and exploiting,” DiMino said Tuesday in a blog post that provides a detailed analysis of the attack. “The mining of virtual currency is now often seen running in the background during the attacker’s ‘downtime’.” DiMino’s report comes after researchers from security vendor Symantec warned in November that the same PHP vulnerability was being exploited by a new Linux worm. The Symantec researchers found versions of the worm not only for x86 Linux PCs, but also for Linux systems with the ARM, PPC, MIPS and MIPSEL architectures. This led them to conclude that the attackers behind the worm were also targeting home routers, IP cameras, set-top boxes and other embedded systems with Linux-based firmware. Source: http://news.idg.no/cw/art.cfm?id=41695C7E-ED43-55A5-51306549A5A0A129

DDoS attacks lead to 18 percent of data center outages

Maintaining top-of-the-line server performance is a delicate balancing act between power consumption, user accessibility and a variety of other factors both physical and abstract that can affect how well employees do their jobs or how quickly and effectively IT-related tasks are accomplished. Yet in many cases, even the most stringent attempts to keep the data center operating without issue can run afoul due to external forces. In the past, distributed-denial-of-service (DDoS) attacks were a small fraction of the reasons that businesses experienced outages in their IT infrastructure. However, recent findings from the Ponemon Institute reveal that they now account for 18 percent of these problems. This is up from only 2 percent in 2010, when Ponemon last studied the phenomenon. Data centers get caught in the cross-fire Often enough, these attacks are not even targeting data centers, 451 Research analyst Eric Hanselman told Network Computing. Rather, hackers are attempting to shut down the applications hosted in the IT infrastructure, and the servers become collateral damage in the process. Furthermore, due to the heightened sophistication of DDoS attacks, which are now both faster and more effective due to the amount of traffic that can be generated, these assaults are even harder to stop or recover from than ever. “It appears that these attacks are much more frequent and more difficult to contain than other root causes of data center outages,” Larry Ponemon, founder of the privacy and security think tank that bears his name, said in an email interview with Network Computing. Preventative measures begin with server monitoring Due to the problems associated with these attacks, decision-makers should try and stop them as early as possible. Noticing suspicious activity before it causes an outage can help immensely, but that requires businesses to implement server monitoring tools that can notice suspicious activity such as an uptick in traffic. “The most surprising factor was the lack of readiness or preparedness of companies,” Ponemon told Network Computing. “In general, we found several companies completely unprepared to deal with this type of outage event.” The high cost of a DDoS-based outage Those companies that fail to prevent or ready themselves for a DDoS-based outage may find themselves paying $822,000 on average to deal with the problem, second only to the average cost of outages caused by equipment failure ($959,000), according to Network Computing. This is more than double the expense of dealing with problems originating with human error, which typically only amount to $380,000. These costs relate to lost work time, reduced revenue and the repairs themselves, though overall business disruption amounts to 80 percent of the expenses. While an outage may not be quite as expensive to a smaller business, one could cause relatively similar amounts of damage, and all companies should be ready to quickly get back on their feet after these types of incidents. “The cost of unplanned downtime – whether it is the entire data center or one rack of servers – can be a huge unplanned cost for most organizations,” Ponemon told Network Computing. While Ponemon noted that businesses should expect a data center outage at some point, companies should still strive to minimize the possibility of a breach or attack. Putting in the proper safeguards and having a robust disaster recovery plan in place can reduce the amount of time that servers spend out of service. By implementing the right tools to notice and stop suspicious activity that may be the result of a DDoS attack, decision-makers may also potentially prevent about one-fifth of possible outage causes. Source: http://copperegg.com/ddos-attacks-lead-to-18-percent-of-data-center-outages/

See the article here:
DDoS attacks lead to 18 percent of data center outages

The Year DDoS Got Real for CUs

Before 2013, Distributed Denial of Service attacks seemed to many credit union executives as something the other guys worried about. The prevailing attitude was: We’re not on anyone’s radar. We aren’t on anyone’s enemies list. Why worry? Then came January 2013 when the $1.6 billion University Federal Credit Union in Austin, Texas, and Patelco, the $4 billion Pleasanton, Calif. credit union, both acknowledged they had been knocked offline for some hours. Many big banks were taken down at the same time, in attacks claimed by al Qassam Cyberfighters, an organization that many allege is sponsored by the Iranian government. A month later, in February, both institutions were taken down another time, again in attacks claimed by al Qassam. Many banks also fell victim a second time. There were also dud DDoS attacks, such as a much-ballyhooed May 7 attack – which saw institutions fearfully running for cover from an attack said to be planned by OpUsa, a hacktivist group affiliated with Anonymous – but it amounted to nothing. As the year progressed, there were more reports of DDoS used as a diversionary tactic by criminals who sought to distract financial institution security staff with website attacks as they busied themselves perpetrating high-value wire thefts. There have been no such cases publicly linked to credit unions, but there are multiple cases linked to banks. How many credit unions have been taken down by DDoS? That number is unknown. Patelco and University were named in Internet postings by al Qassam, thus their attacks became public knowledge. The NCUA, for its part, requires credit unions that have been “significantly affected by DDoS” to notify the NCUA or their state regulators. When asked in October for the number of credit unions that had filed reports, the agency shared data showing two outages. But the regulator did not indicate that it believed that tally to be complete. CUNA Mutual, at the same time, indicated it had no count whatsoever of DDoS outages. No one really knows how many credit unions were attacked by DDoS in the year but one fact did seem to emerge. “DDoS has become a perennial, it is here to stay in the threats universe,” said Charles Burckmyer, president of Sage Data Security, a firm that claims several hundred financial institutions as clients. Just what is DDoS? The question is good, because the answer is tough to give. That’s because the format of DDoS shifted dramatically in 2013, said Rodney Joffe, senior technologist at Neustar, an Internet analytics company that also offers DDoS mitigation services. Early in the year, Joffe recalled, DDoS sought to wipe out victim websites by targeting them with huge volumes of traffic – generally assembled using resources stolen from zombie computer botnets where the machine owners have no clue their devices are digital slaves to criminals. So those targets – such as Patelco and UFCU – went down because they were overwhelmed. But DDoS attacks and mitigation strategies continually evolve, said Joffe. When one side jigs, the other responds. That showed up as many financial institutions signed up with third-party mitigation companies to provide emergency “pipe” – Internet bandwidth – to be able to deflect volume-based attacks. So the attackers switched to hitting victims with an avalanche of requests for services that had the effect of using the target computers to in effect tire themselves, noted Stephen Gates, chief security evangelist of Corero Network Security. A classic, for instance, is hitting a financial institution website with many requests for a password reset, probably for non-existent members, but the institution’s computer still is forced to go through so many motions it may become unavailable to genuine users. Pierluigi Stella, chief technology officer at security company Network Box USA, elaborated: “The (DDoS criminal’s) query is usually less than 100 bytes; the reply can be tens of thousands; so the hacker gets an amplification factor of 100. For each packet of 100 bytes the hacker sends out, you get hit by 10,000 bytes.” Multiply that by maybe several hundred queries per second and it is easy to see why this attack has proven so successful in 2013, suggested Stella. The cure, said experts, is to deploy tools that in effect scrub all data as it comes into the system. Bad data is sidelined, authentic data is passed through, and while that is easier to prescribe than it is to implement in practice, experts agreed that DDoS mitigation companies took large strides in 2013 towards building tools that in fact scrubbed incoming data with high success rates. The bad news: Nobody thinks today’s DDoS format will be tomorrow’s, and no one knows what criminals will unleash in the months ahead. Maybe the jackpot question is, how well protected are credit unions when it comes to fending off DDoS, especially as it morphs into different formats? Have they invested in state-of-the-art protections? Not very many have made those investments, said multiple experts contacted by Credit Union Times. Few credit unions will discuss their DDoS defenses on the record but off the record some have indicated that their defenses are thin. Many hope that their vendors – for Internet banking or their Internet service provider – have adequate protections in place to keep the credit union itself also protected. DDoS will remain part of the threats landscape, said multiple experts, mainly because it is effective, it is inexpensive, and it is increasingly easy to deploy. As long as it gets results, criminals will continue to use it, said Joffe. Nonetheless, he flatly predicted that we will not see more of the al Qassam-style, high-profile attacks that won headlines early in 2013. “Those attacks were politically motivated but they accomplished nothing,” said Joffe. Other experts agreed, pointing to changes in Iranian politics and a recent thawing in relationships with the United States. The upshot is that the al Qassam attacks may in fact be history, meaning there may not be more days when several dozen financial institutions are taken offline in a brazen show of Internet power. “But we will see more DDoS because it works,” said Joffe, and he specifically predicted more use of it as a diversion because if a security staff can be distracted for a half-day, that may be ample time for a wire transfer to move money out of the United States and through several hops into a destination country where funds are unlikely to be returned. Gartner analyst Avivah Litan – one of the experts who first reported the use of DDoS as a diversion – noted in an interview that good policy would be to “slow” wire transfers at times when the institution found itself under a DDoS attack. Her opinion is that simply slowing down transaction speed might sharply reduce losses. At least until the criminals figure out a new strategy – and that is a big takeaway from the 2013 DDoS saga. “This is an arms race that is no different from any other arm’s race,” said Joffe. “As we add defenses, the criminals alter their attacks and so it goes on.” The good guys win, said Joffe, by making it expensive for the criminals, such as disrupting their botnet zombie networks. “If we can make it more expensive for them than the rewards they get from their DDoS, we win,” said Joffe. “This will be survival of the fittest,” he warned. Source: http://www.cutimes.com/2013/12/18/the-year-ddos-got-real-for-cus?ref=hp

More:
The Year DDoS Got Real for CUs

$183,000 fine for man who joined Anonymous attack for ‘one minute’

Authorities in the US have shown their intolerance for so-called ‘hacktivism’ by sentencing a 38-year-old Wisconsin man to two years’ probation and an $183,000 fine for joined an online attack for just a single minute. Eric J. Rosol participated in a Distributed Denial of Service attack (DDoS) against the website for American multinational Koch Industries. DDoS attacks ‘take down’ websites by repeatedly loading them using automatic software. The attack was organised by the hacker group Anonymous and succeed in taking the website offline for only 15 minutes. Rosol pleaded guilty to one misdemeanour count of accessing a protect computer, and although both parties agree that the direct loss to Koch Industries (the second largest privately owned company in the US) was less than $5,000, because the corporation had hired a consulting group to protect its web territory for fees of $183,000 – this was the sum that Rosol must now pay. Koch Industries works in a number of industries including petroleum and manufacturing and reported revenues of $115 billion in 2013. The company is controlled by brothers Charles and David Koch (the world’s sixth and seventh richest men) who inherited it from their deceased father Fred C. Koch, the company’s founder. Koch Industries is often the subject of controversy in the US for its financial support of right-wing Tea Party and its opposition to the green energy industry. The brothers have also donated more than $120m to groups working to discredit climage change science. The DDoS attack which Rosol took part in was organized in opposition to Koch Industries’ reported weakening of trade unions. Source: http://www.independent.co.uk/life-style/gadgets-and-tech/183000-fine-for-man-who-joined-anonymous-attack-for-one-minute-8995609.html

View the original here:
$183,000 fine for man who joined Anonymous attack for ‘one minute’

Introducing the DDDoSA: Disguised DDoS Attack

The Distributed Denial of Service (DDoS) attack is becoming the crowbar of the online criminal. In the past we have got rather used to DDoS attacks being one of the favoured approaches of hacktivists, with perhaps the Low Orbit Ion Cannon (LOIC) and later the High Orbit Ion Cannon (HOIC) as used by Anonymous to take down sites being the best known examples. However, recent evidence suggests that taking down a site is increasingly no longer the be all and end all of a DDoS attack, instead it’s just a means to a much more profitable end. A couple of weeks ago I reported how a Bitcoin bank robbery took place under the smokescreen of a DDoS attack. I’ve now learned that a DDoS attack on another Bitcoin-related site, the Bitcointalk.org online forum, could also have been implemented as a smokescreen tactic. Information Week reports the site was actually targeted for a password-stealing exercise with some 176,584 users login credentials at risk. Indeed, as TK Keanini (CTO at Lancope) points out there is an established marketplace out there selling the DDoS capability to anyone with the cash, and relatively little of it is needed to attack a smaller company, so the bad guys don’t even need a DDoS strike capability as a core competency any more. “It is almost always the case these days that DDoS attacks leverage blended methods, where the volumetric technique is included, but not the primary objective” Keanini says, adding “this is a sign of what is to come in 2014 as more adversaries just put together a multi faceted compostable attack and instead of having to have all this expertise in-house, they will be able to outsource via these marketplaces that sell these capabilities.” Jag Bains, CTO at DDoS mitigation experts DOSarrest says that his company has been seeing DDoS attacks sending huge amounts of traffic to a website to overwhelm key points in its infrastructure to send the security team scrambling to fight it off as something of a trend. “This serves as a distraction for the security personnel and aims to weaken the underlying infrastructure” Bains explains “once the security operations are no longer cohesive, criminals can use other methods to target intrusion prevention systems to get in and steal information”. All of which just goes to reinforce that maintaining the focus of core operations during a DDoS attack is an ever increasing problem for IT operations. “As DDoS continues to be used as part of a 1-2 punch in cybercrime and data theft attempts” Bains concludes “IT professionals have become stressed in keeping up with the ever increasing size and sophistication of DDoS attacks”. All of which can influence an organisation to resort to what you might call non-standard, or panicked, practices to deal with the ongoing attack. Things such as disabling their IDS platform for example. Things that further compromise the overall security of the network and enable the attackers to pull off the primary attack with ease.

More:
Introducing the DDDoSA: Disguised DDoS Attack