Now banned from using Tor or VPNs – and ‘vanity’ handles on social media A British script kiddie who DDoS’d a Labour Party parliamentary candidate’s website in the runup to the last general election has been banned from using the Tor browser.…
Tag Archives: social-media
Four evolved cyber-threats APAC organisations must pay attention to in 2017
US$81 million stolen from a Bangladesh bank. 500 million Yahoo! accounts swiped. A DDoS attack that brought down much of the internet. 2016’s cyber-attack headlines proved more than ever that companies have a visibility problem – they cannot see what is happening beneath the surface of their own networks. Based on Darktrace’s observations, the following predictions demonstrate the need for a new method of cyber defence – an immune system approach, to keep up with the fast-evolving threats that await us in 2017. 1. Attackers Will Not Just Steal Data – They Will Change It Today’s most savvy attackers are moving away from pure data theft or website hacking, to attacks that have a more subtle target – data integrity. We’ve seen ex-students successfully hack college computers to modify their grades. In 2013, Syrian hackers tapped into the Associated Press’ Twitter account and broadcasted fake reports that President Obama had been injured in explosions at the White House. Within minutes the news caused a 150-point drop in the Dow Jones. In 2017, attackers will use their ability to hack information systems not to just make a quick buck, but to cause long-term, reputational damage to individuals or groups, by eroding trust in data itself. The scenario is worrying for industries that rely heavily on public confidence. A laboratory that cannot vouch for the fidelity of medical test results, or a bank that has had account balances tampered with, are examples of organisations at risk. Governments may also fall foul of such attacks, as critical data repositories are altered, and public distrust in national institutions rises. These ‘trust attacks’ are also expected to disrupt the financial markets. An example of this is falsifying market information to cause ill-informed investments. We have already glimpsed the potential of disrupted M&A activity through cyber-attacks – is it a coincidence that the recent disclosure of the Yahoo hack happened while Verizon was in the process of acquiring the company? These attacks even have the power to sway public opinion. Hillary Clinton’s election campaign suffered a blow when thousands of emails from her campaign were leaked. An even graver risk would not be simply leaked emails but manipulation to create a false impression that a candidate has done something illegal or dishonourable. 2. More Attacks and Latent Threats Will Come from Insiders Insiders are often the source of the most dangerous attacks. They are harder to detect, because they use legitimate user credentials. They can do maximum damage, because they have knowledge of and privileged access to information required for their jobs, and can hop between network segments. A disgruntled employee looking to do damage stands a good chance through a cyber-attack. But insider threats are not just staff with chips on their shoulders. Non-malicious insiders are just as much of a vulnerability as deliberate saboteurs. How many times have links been clicked before checking email addresses? Or security policy contravened to get a job done quicker, such as uploading confidential documents on less secure public file hosting services? We can no longer reasonably expect 100 percent of employees and network users to be impervious to cyber-threats that are getting more advanced – they won’t make the right decision, every time. Organisations need to combat this insider threat by gaining visibility into their internal systems, rather than trying to reinforce their network perimeter. We don’t expect our skin to protect us from viruses – so we shouldn’t expect a firewall to stop advanced cyber-threats which, in many cases, originate from the inside in the first place. Just in the past year, immune system defence techniques have caught a plethora of insider threats, including an employee deliberately exfiltrating a customer database a week before handing in his notice; a game developer sending source code to his home email address so that he could work remotely over the weekend; a system administrator uploading network information to their home broadband router – the list goes on. Due to the increasing sophistication of external hackers, we are going to have a harder time distinguishing between insiders and external attackers who have hijacked legitimate user credentials. 3. The Internet of Things Will Become the Internet of Vulnerabilities According to IDC, 8.6 billion connected things will be in use across APAC in 2020, with more than half of major new business processes incorporating some element of IoT. These smart devices are woefully insecure in many cases – offering a golden opportunity for hackers. 2016 has seen some of the most innovative corporate hacks involving connected things. In the breach of DNS service Dyn in October, malware spread rapidly across an unprecedented number of devices including webcams and digital video recorders. In Singapore and Germany, we saw smaller but similar incidents with StarHub and Deutsche Telekom. Many of this year’s IoT hacks have gone unreported – they include printers, air conditioners and even a coffee machine. These attacks used IoT devices as stepping stones, from which to jump to more interesting areas of the network. However, sometimes the target is the device itself. One of the most shocking threats that we saw was when the fingerprint scanner that controlled the entrance to a major manufacturing plant was compromised – attackers were caught in the process of changing biometric data with their own fingerprints to gain physical access. In another attack, the videoconferencing unit at a sports company was hacked, and audio files were being transferred back to an unknown server in another continent. Want to be a fly on the wall in a FTSE100 company’s boardroom? Try hacking the video camera. 4. Artificial Intelligence Will Go Dark Artificial intelligence is exciting for many reasons – self-driving cars, virtual assistants, better weather forecasting etc. But artificial intelligence will also be used by attackers to wield highly sophisticated and persistent attacks that blend into the noise of busy networks. We have already seen the first glimpses of these types of attack. Polymorphic malware, which changes its attributes mid-attack to evade detection, has reinforced the obsoleteness of signature-based detection methods. What is emerging is a next generation of attacks that use AI-powered, customised code to emulate the behaviours of specific users so accurately as to fool even skilled security personnel. In 2017, we can expect AI to be applied to all stages of a cyber-attacker’s mission. This includes the ability to craft sophisticated and bespoke phishing campaigns that will successfully dupe even the most threat-conscious employee. Next year’s attacker can see more than your social media profile – they know that your 10am meeting with your supplier is being held at their new headquarters. At 9:15am, as you get off the train, an email with the subject line ‘Directions to Our Office’ arrives in your inbox, apparently from the person that you are meeting. Now, do you click the map link in that email? Source: http://www.mis-asia.com/tech/security/four-evolved-cyber-threats-apac-organisations-must-pay-attention-to-in-2017/?page=3
Originally posted here:
Four evolved cyber-threats APAC organisations must pay attention to in 2017
The DDoS vigilantes trying to silence Black Lives Matter
The Web lets anyone be a publisher—or a vigilante “Through our e-mails and our social media accounts we get death threats all the time,” said Janisha Gabriel. “For anyone who’s involved in this type of work, you know that you take certain risks.” These aren’t the words of a politician or a prison guard but of a Web designer. Gabriel owns Haki Creatives , a design firm that specializes in building websites for social activist groups like Black Lives Matter (BLM)—and for that work strangers want to kill her. When these people aren’t hurling threats at the site’s designer, they’re hurling attacks at the BLM site itself—on 117 separate occasions in the past six months, to be precise. They’re renting servers and wielding botnets, putting attack calls out on social media, and trialling different attack methods to see what sticks. In fact, it’s not even clear whether ‘they’ are the people publicly claiming to perform the attacks. I wanted to know just what it takes to keep a website like BlackLivesMatter.com online and how its opponents try to take it down. What I found was a story that involves Twitter campaigns, YouTube exposés, Anonymous-affiliated hacker groups, and a range of offensive and defensive software. And it’s a story taking place in the background whenever you type in the URL of a controversial site. BlackLivesMatter.com Although the Black Lives Matter movement has been active since 2013, the group’s official website was set up in late 2014 after the shooting of Michael Brown in Ferguson, Missouri. Until that point, online activity had coalesced around the #BlackLivesMatter hashtag, but when the mass mobilizations in Ferguson took the movement into the public eye, a central site was created to share information and help members connect with one another. Since its creation, pushback against BLM has been strong in both the physical and digital world. The BLM website was taken down a number of times by DDoS attacks, which its original hosting provider struggled to deal with. Searching for a provider that could handle a high-risk client, BLM site admins discovered MayFirst , a radical tech collective that specializes in supporting social justice causes such as the pro-Palestinian BDS movement, which has similarly been a target for cyberattacks . MayFirst refers many high-profile clients to eQualit.ie , a Canadian not-for-profit organization that gives digital support to civil society and human rights groups; the group’s Deflect service currently provides distributed denial of service (DDoS) protection to the Black Lives Matter site. In a report published today , eQualit.ie has analyzed six months’ worth of attempted attacks on BLM, including a complete timeline, attack vectors, and their effectiveness, providing a glimpse behind the curtain at what it takes to keep such a site running. The first real attack came only days after BLM signed up with Deflect. The attacker used Slowloris , a clever but dated piece of software that can, in theory, allow a single machine to take down a Web server with a stealthy but insistent attack. Billed as “the low bandwidth yet greedy and poisonous http client,” Slowloris stages a “slow” denial of service attack. Instead of aggressively flooding the network, the program makes a steadily increasing number of HTTP requests but never completes them. Instead, it sends occasional HTTP headers to keep the connections open until the server has used up its resource pool and cannot accept new requests from other legitimate sources. Elegant as Slowloris was when written in 2009, many servers now implement rules to address such attacks. In this case, the attack on BLM was quickly detected and blocked. But the range of attack attempts was about to get much wider. Anonymous “exposes racism” On May 2, 2016, YouTube channel @anonymous_exposes_racism uploaded a video called “ Anonymous exposes anti-white racism . ” The channel, active from eight months before this date, had previously featured short news clips and archival footage captioned with inflammatory statements (“Louis Farrakhan said WHITE PEOPLE DESERVE TO DIE”). But this new video was original material, produced with the familiar Anonymous aesthetic—dramatic opening music, a masked man glitching across the screen, and a computerized voice speaking in a strange cadence: “We have taken down a couple of your websites and will continue to take down, deface, and harvest your databases until your leaders step up and discourage racist and hateful behavior. Very simply, we expect nothing less than a statement from your leadership that all hate is wrong… If this does not happen we will consider you another hate group and you can expect our attention.” The “we” in question was presumably a splinter cell of Anonymous known as the Ghost Squad Hackers. Three days previously, in a series of tweets on April 29, Ghost Sqaud’s self-styled admin “@_s1ege” claimed to have taken the BLM site offline. Ghost Squad had a history of similar claims; shortly before this, it had launched an attack against a Ku Klux Klan website , taking it offline for a period of days. Dr. Gabriella Coleman is an anthropologist and the author of Hacker, Hoaxer, Whistleblower, Spy — considered the foremost piece of scholarship on Anonymous. (She also serves as a board member of eQualit.ie.) She said that Ghost Squad is currently one of the most prolific defacement and DDoS groups operating under the banner of Anonymous, but she also noted that only a few members have ever spoken publicly. “Unless you’re in conversation with members of a group, it’s hard to know what their culture is,” said Coleman. “I could imagine hypothetically that a lot of people who use the Ghost Squad mantle might not be for [attacking Black Lives Matter] but also might not be against it enough to speak out. You don’t know whether they all actively support it or just tolerate it.” Just as with Anonymous as a whole, this uncertainty is compounded by doubts about the identity of those claiming to be Ghost Squad at any given time—a fact borne out by the sometimes chaotic attack patterns shown in the traffic analytics. The April 29 attack announced by S1ege was accompanied by a screenshot showing a Kali Linux desktop running a piece of software called Black Horizon. As eQualit.ie’s report notes, BlackHorizon is essentially a re-branded clone of GoldenEye , itself based on HULK , which was written as proof-of-concept code in 2012 by security researcher Barry Shteiman. All of these attack scripts share a method known as randomized no-cache flood, the concept of which is to have one user submit a high number of requests made to look like they are each unique. This is achieved by choosing a random user agent from a list, forging a fake referrer, and generating custom URL parameter names for each site request. This tricks the server into thinking it must return a new page each time instead of serving up a cached copy, maximizing server load with minimum effort from the attacker. But once details of the Ghost Squad attack were published on HackRead , a flurry of other attacks materialized, many using far less effective methods. (At its most basic, one attack could be written in just three lines of Python code.) Coleman told me that this pattern is typical. “DDoS operations can attract a lot of people just to show up,” she said. “There’ll always be a percentage of people who are motivated by political beliefs, but others are just messing around and trying out whatever firepower they have.” One group had first called for the attack, but a digital mob soon took over. Complex threats Civil society organizations face cyberattacks more often than most of us realize. It’s a problem that these attacks exist in the first place, of course, but it’s also a problem that both successful and failed attempts so often happen in silence. In an article on state-sponsored hacking of human rights organizations, Eva Galperin and Morgan Marquis-Boire write that this silence only helps the attackers . Without publicly available information about the nature of the threat, vulnerable users lack the information needed to take appropriate steps to protect themselves, and conversations around effective defensive procedures remain siloed. When I spoke to Galperin, who works as a global policy analyst at the Electronic Frontier Foundation, she said that she hears of a civil society group being attacked “once every few days,” though some groups draw more fire and from a greater range of adversaries. “[BLM’s] concerns are actually rather complicated, because their potential attackers are not necessarily state actors,” said Galperin. “In some ways, an attacker that is not a nation state—and that has a grudge—is much more dangerous. You will have a much harder time predicting what they are going to do, and they are likely to be very persistent. And that makes them harder to protect against.” By way of illustration, Galperin points to an incident in June 2016 when prominent BLM activist Deray Mckesson’s Twitter account was compromised despite being protected by two-factor authentication. The hackers used social engineering techniques to trick Mckesson’s phone provider into rerouting his text messages to a different SIM card , an attack that required a careful study of the target to execute. Besides their unpredictability, persistence was also a defining feature of the BLM attacks. From April to October of this year, eQualit.ie observed more than 100 separate incidents, most of which used freely available tools that have documentation and even tutorials online. With such a diversity of threats, could it ever be possible to know who was really behind them? Chasing botherders One morning soon after I had started researching this story, a message popped up in my inbox: “Hello how are you? How would you like to prove I am me?” I had put the word out among contacts in the hacking scene that I was trying to get a line on S1ege, and someone had reached out in response. Of course, asking a hacker to prove his or her identity doesn’t get you a signed passport photo; but whoever contacted me then sent a message from the @GhostSquadHack Twitter account, used to announce most of the team’s exploits, a proof that seemed good enough to take provisionally. According to S1ege, nearly all of the attacks against BLM were carried out by Ghost Squad Hackers on the grounds that Black Lives Matter are “fighting racism with racism” and “going about things in the wrong way.” Our conversation was peppered with standard-issue Anon claims: the real struggle was between rich and poor with the media used as a tool to sow division and, therefore, the real problem wasn’t racism but who funded the media. Was this all true? It’s hard to know. S1ege’s claim that Ghost Squad was responsible for most of the attacks on BLM appears to be new; besides the tweets on April 29, none of the other attacks on BLM have been claimed by Ghost Squad or anyone else. To add more confusion, April 29 was also the date that S1ege’s Twitter account was created, and the claim to be staging Op AllLivesMatter wasn’t repeated by the main Ghost Squad account until other media began reporting it, at which point the account simply shared posts already attributing it to them. Despite being pressed, S1ege would not be drawn on any of the technical details which would have proved inside knowledge of the larger attacks. Our conversation stalled. The last message before silence simply read: “The operation is dormant until we see something racist from their movement again.” Behind the mask As eQualit.ie makes clear, the most powerful attacks leveraged against the BLM website were not part of the wave announced back in April by Ghost Squad. In May, July, September, and October, a “sophisticated actor” used a method known as WordPress pingback reflection to launch several powerful attacks on the site, the largest of which made upwards of 34 million connections. The attack exploits an innocuous feature of WordPress sites, their ability to send a notification to another site that has been linked to, informing it of the link. The problem is that, by default, all WordPress sites can be sent a request by a third party, which causes them to give a pingback notification to any URL specified in the request. Thus, a malicious attacker can direct hundreds of thousands of legitimate sites to make requests to the same server, causing it to crash. Since this attack became commonplace, the latest version of WordPress includes the IP address requesting the pingback in the request itself. Here’s an example: WordPress/4.6; http://victim.site.com; verifying pingback from 8.8.4.4 Sometimes these IP addresses are spoofed—for illustration purposes, the above example (8.8.4.4) corresponds to Google’s public DNS server—but when they do correspond to an address in the global IP space, they can provide useful clues about the attacker. Such addresses often resolve to “botherder” machines, command and control servers used to direct such mass attacks through compromised computers (the “botnet”) around the globe. In this case, the attack did come with clues: five IP addresses accounted for the majority of all botherder servers seen in the logs. All five were traceable back to DMZHOST , an “offshore” hosting provider claiming to operate from a “secured Netherland datacenter privacy bunker.” The same IP addresses have been linked by other organizations to separate botnet attacks targeting other groups. Beyond this the owner is, for now, unknown. (The host’s privacy policy simply reads: “DMZHOST does not store any information / log about user activity.”) The eQualit.ie report mentions these details in a section titled “Maskirovka,” the Russian word for military deception, because hacking groups like Ghost Squad (and Anonymous as a whole) can also provide an ideal screen for other actors, including nation-states. Like terrorism or guerrilla combat, DDoS attacks and other online harassment fit into a classic paradigm of asymmetrical warfare, where the resources needed to mount an attack are far less than those needed to defend against it. Botnets can be rented on-demand for around $60 per day on the black market, but the price of being flooded by one can run into the hundreds of thousands of dollars. (Commercial DDoS protection can itself cost hundreds of dollars per month. eQualit.ie provides its service to clients for free, but this is only possible by covering the operating costs with grant funding.) The Internet had long been lauded as a democratizing force where anyone can become a publisher. But today, the cost of free speech can be directly tied to the cost of fighting off the attacks that would silence it. Source: http://arstechnica.com/security/2016/12/hack_attacks_on_black_lives_matter/
Read the article:
The DDoS vigilantes trying to silence Black Lives Matter
Warcraft, Overwatch Down? Blizzard DDoS Attacks Affect Gaming Service
Miscreants have struck Blizzard servers again with multiple waves of DDoS attacks over the last 12 hours. Warcraft and Overwatch, two massively popular games, have been facing latency, login and disconnection issues even while Blizzard has been working on fixing the problem. The company first acknowledged the problem in a tweet Sunday evening. Since then, Blizzard claimed to have regained control over matters at its end, only to announce twice the DDoS attacks had restarted. Its last update, at 11:42 p.m. EST Sunday, came three hours after the last wave of DDoS attacks. On Twitter, a group calling itself Phantom Squad claimed responsibility for the attack Blizzard also provided a link to a support page on its website that may help some users troubleshoot their connection problems. As always, social media was abuzz with users venting their frustration at the gaming servers being affected. This is at least the fifth such instance in the last few months. The company also has a scheduled maintenance coming up Tuesday. Source: http://www.ibtimes.com/warcraft-overwatch-down-blizzard-ddos-attacks-affect-gaming-service-2454782
View the original here:
Warcraft, Overwatch Down? Blizzard DDoS Attacks Affect Gaming Service
WikiLeaks website suffers mysterious outage sparking Rule 41 hacking conspiracy
The website was offline for roughly four hours on 1 December. Whistleblowing website WikiLeaks suffered a mysterious outage on the morning of 1 December for roughly four hours, two days after posting its release of a searchable database of 60,000 emails from US government contractor HBGary. The website reportedly went down at around 4:00am (GMT), with some social media users quickly speculating it was the result of yet another distributed-denial-of-service (DDoS) assault – a form of cyberattack that sends waves of traffic at a web server in order to force it offline. By 9:00am (GMT) the website had fully resurfaced. “WikiLeaks is offline. Page no longer exists?!” one user wrote. Another said: “@WikiLeaks is down right now. Could be DDoS attack.” Meanwhile, a well-known account linked with Anonymous added: “Rule 41 happens and the first thing that goes down? WikiLeaks, of course, is currently unreachable.” Rule 41 is the newly-passed law in the US that permits the FBI and other agencies to conduct hacking-based investigations on multiple computers with a single warrant. Despite the claims of Anonymous, there is nothing to suggest it was related to any problems with WikiLeaks’ website. IBTimes UK contacted WikiLeaks for comment however had received no response at the time of publication. The outage comes after a slew of politically-charged leaks from the Democratic National Committee (DNC) and the personal email inbox of John Podesta, a close aide to Hillary Clinton. In October, Julian Assange, the founder of the organisation, claimed that unknown forces within the “DC establishment” had attempted to disrupt WikiLeaks’ operations via cyberattack after it released a collection of emails from the DNC. “The US DC establishment – which believes that Hillary Clinton will be the winner of the election – tried to find different ways to distract from our publications,” he said at the time, adding: “They started attacking our servers with DDoS attacks and attempted hacking attacks.” Later, on the morning of 7 November, after publishing 8,000 more DNC emails, WikiLeaks issued a series of updates to its four million-strong follower base about yet another attack. It said: “ WikiLeaks.org was down briefly. That’s rare. We’re investigating.” Later, it added: “Our email publication servers are under a targeted DoS attack.” Most recently, Assange renewed his effort to be allowed to exit the Ecuadorian embassy in London after a United Nations (UN) panel reinforced an earlier ruling that he was being arbitrarily detained. The decision came down after an appeal by the UK government. “Now that all appeals are exhausted I expect that the UK and Sweden will comply with their international obligations and set me free,” Assange said in a statement. “It is an obvious and grotesque injustice to detain someone for six years who hasn’t even been charged with an offence.” Source: http://www.ibtimes.co.uk/wikileaks-website-suffers-mysterious-outage-sparking-rule-41-hacking-conspiracy-1594392
Read the article:
WikiLeaks website suffers mysterious outage sparking Rule 41 hacking conspiracy
How hackers could wreak havoc on the US election
AS VOTES are counted and polls close across America, security experts have warned that hackers could disrupt the presidential election process. “Anything that unsettles the election process would be a complete disaster,” explained Stephen Gates, chief research intelligence analyst at security specialist NSFOCUS. “Misinformation on exit polls, widespread internet and media outages, and delays in reporting could seriously impact people’s desire to vote and even worse — trust the results.” Mr Gates pointed to the mysterious cyber attacks that recently snarled East Coast Web traffic as evidence of hackers’ ability to cause disruption. A number of major sites including Twitter, Netflix, Spotify and Reddit were impacted by the October 21 distributed denial of service attacks (DDoS), on internet services company Dyn. DDoS attacks, which often occur when a hacker “floods” a network with information, are a popular method for disrupting websites and services. Mr Gates warned that, in addition to large DDoS attacks on internet infrastructure, online news and media outlets, attackers could target voter registration systems by launching smaller attacks on individual polling centres. “Many of these verification systems are likely online and need to access state databases where voter registration and verification is required to cast a vote,” he said. “Attacks against registered voter databases themselves would also be highly likely.” DDoS attacks and bogus election posts could also flood social media sites and spread misinformation, he warned, noting that so-called ‘man-in-the-middle’ attacks against polling centres as they report their final numbers to collection centres are also possible. In a man-in-the-middle attack a hacker secretly intercepts, and potentially alters, information as it is sent between two parties. Roger Kay, president of Endpoint Technologies Associates, also sees a potential DDoS threat. “I have considered it a real possibility, not only are the cyber tools available, but the motivation is there as well, from anyone — they could be state actors, they could be malicious hackers.” Hackers, for example, could use the internet of Things, where even household devices are web-enabled, as a launch pad for their attacks, according to Mr Kay. The analyst, however, notes that major DDoS attacks are difficult for hackers to sustain, and also cites the low-tech nature of some US election infrastructure. “If you look at the safety of the democratic structure, there’s all these decentralised activities, many of which are paper[-based].” Nonetheless, a Department of Homeland Security report obtained by FoxNews.com warns that parts of America’s election infrastructure are vulnerable to cyber attack. While the risk to computer-enabled election systems varies from county to county, targeted attacks against individual voter registration databases are possible, it said. One technology being touted as a potential solution to cyber threats and voter fraud is blockchain. Blockchain, which uses a decentralised security protocol, could be used to safely record and transmit votes. Because blockchain messages are distributed and not kept in one central location, they are very difficult to tamper with, say experts. “The technology could be used to prevent voter fraud (e.g., multiple votes by a single person) through use of private keys for each voter and storage of votes on an immutable blockchain ledger,” Joe Guagliardo, chair of the Blockchain Technology Group at law firm Pepper Hamilton, in an email to FoxNews.com. “Once the vote has been cast and verified, it cannot be changed without verification by all of the nodes in the network (potentially millions or more) — fraudulent activity would require computational power to overcome the resources of the collective nodes in the net.” Source: http://www.ntnews.com.au/technology/how-hackers-could-wreak-havoc-on-the-us-election/news-story/4f732c684f8f14eeee46e82641bcd5f8
DDoS Attacks: Cybercriminals Are More Homegrown Than You Think
Researchers from the FBI and a private security company say many of the distributed denial of service attacks emanate from the West. BLACK HAT USA – Las Vegas – The stereotype of the seedy cybercriminal from Russia or Eastern Europe may no longer be valid. FBI agent Elliott Peterson told Black Hat attendees this morning that when it comes to the most recent DDoS attacks, the vast majority come from North America, Western Europe and Israel. And many are 16 to 17-years of age or in their mid-20s. “Many use their nicknames on Skype or Twitter and they are heavy users of social media,” said Peterson. Peterson and Andre Correa, cofounder of Malware Patrol, shared much of their recent research on DDoS attacks at a briefing session here this morning. They focused much of their research on amplification and reflection attacks, booters/stressers and IoT and Linux-based botnets. Peterson said the amplification and reflection attacks get a good rate of return: a hacker can send one byte and get 200 in return. The bad threat actors now sell amplification lists that criminals can easily buy over commercial web interfaces. The booters and stressers are inexpensive, they cost roughly $5 to $20 a month and require very little technical knowledge for the criminal to deploy. And on the IoT front, botnets are creating scanning hosts for default credentials or vulnerabilities. A bot is then automatically downloaded and executed. Over the past several months, Peterson and Correa have compiled more than 8 million records. They said last month, the leading DDoS type was SSDP at Port 1900. “This was kind of interesting since most people may think that NTPs were the leading cause of DDoSs, but they scored much lower because many NTP servers have been patched of late,” said Correa. Peterson said some of the criminals are just total scam artists. “They just take your money and don’t do the attack,” he said. “On the other hand, there are also some sophisticated players offering turnkey DDoS services. They provide attack scripts, amp lists and good customer service, sometimes up to six people on hand. Other findings: most attacks are in the 1-5 Gbps range, with the highest DDoS observed at 30 Gbps. Source: http://www.darkreading.com/attacks-breaches/ddos-attacks-cybercriminals-are-more-homegrown-than-you-think-/d/d-id/1326508
See more here:
DDoS Attacks: Cybercriminals Are More Homegrown Than You Think
GTA 5 Outage: Why Grand Theft Auto V Was Not Working
PSN was also attacked Poodlecorp launched a Distributed Denial of Service (DDoS) attack on Rockstar Games’ GTA 5 servers to take the game down. This resulted in players being unable to play the online elements of the game with others. The attack lasted for a few hours before service was restored. The hack of GTA 5 resulted in online elements from every version of the game not working. Those that tried to play during this time were met with error messages. Poodlecorp took to social media to claim responsibility for the hack and said more was in store for gamers on Sony Corp (ADR)’s (NYSE: SNE ) PlayStation Network, reports Daily Star . Poodlecorp claimed it was able to cause small outages in the PlayStation Network for PS3 and PS4 users on Thursday morning. However, this doesn’t seem to be all it has planned. It claims that this was only a test before it launches a larger attack. Poodlecorp hasn’t announced plans for any other attacks outside of GTA 5 and the PlayStation Network. While the Grand Theft Auto V servers are back up, there’s a possibility they could go down again throughout the day. The same is also true for the PlayStation Network. One of Poodlecorp’s members recently claimed in an interview that its ranks includes previous members of hacker group Lizard Squad. The group also took responsibility for an attack on Nintendo Co., Ltd (ADR)’s (OTCMKTS: NTDOY ) Pokemon Go servers late last month, Express notes. Source: http://investorplace.com/2016/08/gta-5-outage-grand-theft-auto-v-rockstar-games-poodlecorp/#.V6OhaWWgPzI
Excerpt from:
GTA 5 Outage: Why Grand Theft Auto V Was Not Working
HSBC Website Suffers DDoS Attack
OurMine Hacking group conducted a massive DDoS attack on HSBC websites forcing the sites to go offline in UK and the USA! The official domain of HSBC (Hongkong and Shanghai Banking Corporation) came under massive distributed denial-of-service (DDoS) attack on 12July affecting domain in UK and the USA. The DDoS attack was conducted by OurMine hacking group which previously made headlines for hacking social media accounts of high-profile tech celebrities including Facebook’s Mark Zuckerberg and Google’s Sundar Pichai but this is the second DDoS attack after WikiLeaks last week. Currently, the reason for targeting HSBC bank is unknown though according to SoftPedia the cyber attack was stopped within few hours after one of HSBC’s staffs contacted the attackers. “Hello, We stopped the attack of HSBC Bank! a staff of HSBC Talked with us,” stated the hackers on their official blog. Screenshot shared by attackers shows HSBC’s UK and US domains are down! It is unclear if the bank was targeted for ransom or just for fun, however, this is not the first time when HSBC faced such attacks. In January 2016 hacktivists from New World Hacktivists (NWH) claimed responsibility for a DDoS attack on HSBC’s mobile servers on payday. As far as OurMine is concerned, it is the same group who hacked Google’s CEO Sundar Pichai Quora account which was also linked to his Twitter account, the group also hacked Facebook’s CEO Mark Zuckerberg Twitter and Pinterest accounts and last but not the least the official Twitter account of Twitter’s CEO Jack Dorsey was also taken over by the same group. DDoS attacks have been increasing with every passing day . In the past, DDoS attacks were conducted just for fun or to shut down servers but now hackers attack sites for ransom and keep them down until a ransom is paid. The ProtonMail DDoS attack is a fine example of how these attacks are becoming another online mafia to steal money. At the time of publishing this article, both targeted sites were reachable. Source: https://www.hackread.com/hsbc-website-suffers-ddos-attack/
Read the original post:
HSBC Website Suffers DDoS Attack