Tag Archives: stop ddos attacks

Two Arrested in DDoS Attacks Linked to Online Gambling Site Extortion

Last month’s arrest in Bosnia and Herzegovena of two individuals connected to the cyber-crime group DD4BC have been definitely linked to a series of DDoS extortion attacks over the past 18 months, many of which were targeted at online-gambling firms. PokerStars and Betfair are among the various companies to have been targeted by the extortionists, who typically sought modest and largely-anonymous payments made in Bitcoins in exchange for ceasing the attacks. The DD4BC group, an acronym for DDoS (Distributed Denial of Service attack) For BitCoins, is a loosely organized group of online hackers and thieves who have congregated in some of the Internet’s darker, more anonymous holes. The group’s widespread members share information and online weaponry in their attempts to extract payments from their targets. Failure to provide payoffs by the group’s targeted victims typically results in intermittent and ongoing DDoS attacks, designed to flood the victim’s servers with meaningless online traffic, making normal business impossible. The arrests of the two unidentified individuals was announced by Europol earlier this month, with one of the two individuals described as being a leader of the informal DD4BC group. These initial arrests were part of an international operation dubbed Operation Pleaides. According to the Netherlands-based Europol, which is the official intelligence agency of the European Union, “The action was initiated as part of a global law enforcement response against the criminal organisation. Key members of the organised network were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit (MPCCU) which provided vital information to the investigation. Police authorities from Australia, France, Japan, Romania, the USA, Switzerland and INTERPOL supported the coordinated activities. “Operation Pleiades resulted in the arrest of a main target and one more suspect detained,” the Europol statement added. “Multiple property searches were carried out and an extensive amount of evidence was seized,” indicating that more arrests of DD4BC members are likely in the coming weeks and months. The actual “Operation Pleiades” action was initiated in Austria and included Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce. The operation slowly unwound the ghostly online tracks of the extortionists by examining “blockchain” entries for Bitcoin transactions related to the DDoS threats, plus other data linked to the group’s activities. Bitcoin-based transactions are anonymous but not perfectly transparent, and can often be traced back to their originators using secondary means. The DD4BC attacks, which appear to have started in early 2014, have targeted several different business and government sectors. Victims range from online gambling firms to Bitcoin exchanges and mining groups, to online banking and payment processors. Even some government institutions have been targeted. Online-poker market leader PokerStars was confirmed as one the DD4BC extortion attempts in April 2015, amid information on the DD4BC attacks assembled by Arbor Networks, the security division of NetScout Systems, Inc. Massachusetts-based NetScout appears to have assisted international authorities in identifying the perpetrators behind the hundreds of DD4BC attacks. In addition to PokerStars, Betfair is almost certainly another of the DD4BC group’s victims. Betfair was also targeted last April in a DDoS attack strong enough to knock both its betting exchange and fixed-odds sportsbook offline. The attack on the “unnamed online casino” (likely Betfair) began in earnest on April 10th, following an initial probing attack launched the day before, along with a demand for payment. The information amassed by Arbor Networks also includes many of the threats e-mailed by DD4BC members to their intended victims. Here’s the e-mail that was sent to the “unnamed” casino company (likely Betfair), immediately following attacks against Stars and online payment processor NETeller: From: DD4BC Team [mailto:dd4bct@gmail.com] Sent: 10 April 2015 02:07 PM To Subject: Re: DDOS ATTACK! Hitting pokerstars.com at the moment. Good luck if you think you can stop what they can’t. But you still have time. On Thu, Apr 9, 2015 at 3:46 PM, DD4BC Team wrote: Hello, To introduce ourselves first: https://blogs.akamai.com/2014/12/dd4bc-anatomy-of-a-bitcoin-extortion-campaign.html http://bitcoinbountyhunter.com/bitalo.html http://cointelegraph.com/news/113499/notorious-hacker-group-involved-in-excoin-theft-owner-accusesccedk-of-withholding-info Or just google “DD4BC” and you will find more info. Recently, we were DDoS-ing Neteller. You probably know it already. So, it’s your turn! is going under attack unless you pay 20 Bitcoin. Pay to 18NeYaX6GCnibNkwyuGhGLuU2tYzbxvW7z Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400-500 Gbps, so don’t even bother. Right now we are running small demonstrative attack on your server. Don’t worry, it will stop in 1 hour. It’s just to prove that we are serious. We are aware that you probably don’t have 20 BTC at the moment, so we are giving you 48 hours to get it and pay us. We do not know your exact location, so it’s hard to recommend any Bitcoin exchanger, so use Google. Current price of 1 BTC is about 250 USD. IMPORTANT: You don’t even have to reply. Just pay 20 BTC to 18NeYaX6GCnibNkwyuGhGLuU2tYzbxvW7z – we will know it’s you and you will never hear from us again. We say it because for big companies it’s usually the problem as they don’t want that there is proof that they cooperated. If you need to contact us, feel free to use some free email service. But if you ignore us, and don’t pay within 48 hours, long term attack will start, price to stop will go to 50 BTC and will keep increasing for every hour of attack. ONE MORE TIME: It’s a one-time payment. Pay and you will not hear from us ever again! Variations on the same extortion letter were sent to several other victims; this sample was distinct with the specific mentions of PokerStars and NETeller. In addition to those two firms and the likely inclusion of Betfair, several other online-gambling companies are known to be targets of the group. Those companies include Nitrogen Sports, Malta-based NRR Entertainment Ltd. (including slottyvegas.com and betatcasino.com), Betbtc.com, Redbet.com and others. It is also likely that last July’s DDoS attacks against several New Jersey (U.S.) online sites were the work of DD4BC extortionists. Though those attacks are not referenced in the ASERT compilation, the July attacks are also outside the date range of most of the earlier attacks included in that report. When the New Jersey attacks occurred, NJ Division of Gaming Enforcement director David Rebuck stated this about the perpetrator: “He’s a known actor. He’s done this before.” While DD4BC seems likely to be peeled open by international invetigators, DDoS-based extortion attempts aren’t going to go away. The reason is that the tools needed to launch such attacks are too cheaply and commonly available to would-be cyber-attackers. As a result, the best defense remain vigilance, rapid response… and robust Internet connectivity. According to Wil van Gemert, Europol’s Deputy Director of Operations, “Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage. Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.” Source: http://www.flushdraw.net/news/misc/two-arrested-in-ddos-attacks-linked-to-online-gambling-site-extortion/

Excerpt from:
Two Arrested in DDoS Attacks Linked to Online Gambling Site Extortion

World’s Largest DDoS Attack Breaks Records, Clocks At Massive 500 Gbps

In its latest Worldwide Infrastructure Security Report, Arbor Networks reports on the biggest distributed denial of service attack, which had a whopping load of 500 Gbps. The previous largest DDoS attack was of “only” 300 Gbps. It involved young aspiring hacker Seth Nolan-Mcdonagh, who temporarily took down SpamHaus’ webpage. In some cases, the attacks are carried out by state-funded organizations instead of individuals. Last year, GitHub went down after it suffered a DDoS attack, and the main suspect was China, which has a tumultuous history with the software repository. The programming website was even blocked by the Chinese authorities for a short amount of time. The yearly Arbor survey uses data from hosts, mobile service providers and service providers. The survey, which ran until November 2015, got the results based on the 354 global participants who answered questions on network safety specifically about protocols used for reflection/amplification. “The largest attack reported by a respondent this year was 500Gbps, with other respondents reporting attacks of 450Gbps, 425Gbps, and 337Gbps,” the report states. This marks a worrying trend among top-end size DDoS attacks, which get more ambitious every year. The security firm has the numbers to back this statement up. In the previous report, Arbor discovered that one-fifth of respondents got slammed with attacks that topped 50 Gbps. This year’s survey shows a hefty increase, as a quarter of respondents talk of attacks that go more than 100 Gbps. While only five respondents found evidence of DDoS attacks topping 200 Gbps, there were many reports of attacks between 100 and 200 Gbps. Arbor Networks points out that cloud-based services are increasingly becoming tempting targets, as they now make up 33 percent of attacks. Another staple of last year’s hacking attempts is the exploitation of weaknesses in the network time protocol. Reflection and amplification attacks can easily make use of the soft spots in the security infrastructure, leading to significant damages. As a countermeasure, servers keep receiving updates and security patches that should (in theory) keep them safe from attackers who gain a large response to a small query and use it towards a target of their choosing. “[S]ecurity is a human endeavor and there are skilled adversaries on both sides,” Darren Anstee, chief security technologist at Arbor Networks, says. An interesting shift exists in the DDoS attackers’ motivation: the perpetrators no longer seem to find joy in hacktivism or vandalism. Unlike in previous years, extorting the victims and banking on the vulnerabilities of network systems now seem to be the prevalent reasons. In order to accomplish this, they use multi-vector simultaneous attacks which plow through applications, services and infrastructure. A vast majority of respondents identified application-layer DDoS attacks, which targeted DNS services instead of Web servers. Looking at the larger picture, multi-vector attacks counted for 56 percent of customer outages, up from 42 percent in the previous year. More than 50 percent of the respondents told Arbor that DDoS attacks go after the inline firewalls and bring down the internet connectivity. Arbor explains that these devices are the first to fall in case of a DDoS attack and underlines that being inline can greatly add to network latency. Source: http://www.techtimes.com/articles/128260/20160127/worlds-largest-ddos-attack-breaks-records-clocks-at-massive-500-gbps-worldwide-infrastructure-security-report.htm

View article:
World’s Largest DDoS Attack Breaks Records, Clocks At Massive 500 Gbps

DDoS Attack Hits Kickass Torrents, DNS Servers Crippled

Site goes down for most of the day on January 16 Kickass Torrents, the Internet’s biggest torrent portal has suffered downtime yesterday after an unknown attacker has pummeled the site with a DDoS attack. According to a statement given by the site’s administrators to TorrentFreak, a blog dedicated to piracy news, the attack was aimed at the website’s DNS servers. Because of this, both the main domain and the plethora of official site proxies were down as well. The brunt of the attack was registered yesterday, January 16, and had the site taken offline for almost all day. Previously, during the week, the site was also hit by smaller DDoS attacks. Everything seems to be up and running now, but expect future attacks as well. The attack fits the pattern of a DDoS extortion campaign, when small attacks are launched at first, and then a bigger one to force victims into paying the DDoS ransom. Earlier this week, Europol announced the capture of the famed DD4BC DDoS extortion group in Bosnia and Herzegovina. DD4BC is the first group known to launch DDoS attacks and then ask for payments in Bitcoin. The group’s actions have been copied by many other DDoSing outfits, and most DDoS attacks nowadays are launched for this reason. Kickass Torrents is one of Alexa’s top 100 sites on the Internet, meaning it’s an attractive target for DDoSing groups, thanks to its huge advertising revenue. Source: http://news.softpedia.com/news/ddos-attack-hits-kickass-torrents-dns-servers-crippled-499019.shtml

DDoS gang takes down BBC websites, Donald Trump’s campaign site over holiday weekend

A group of computer criminals used two separate distributed denial-of-service (DDoS) attacks to bring down all of the BBC’s websites and Donald Trump’s main campaign site over this past holiday weekend. The story begins on New Year’s Eve, when all BBC sites, including its iPlayer service, went dark for three hours. At the time, the UK-based news organization reported that the outage was the result of a “technical issue”. It later stated that a group calling themselves the “New World Hackers” had claimed credit for launching a DDoS attack against the broadcaster, as a “test of its capabilities” Since then, one of the group’s members who identified himself as “Ownz” took the opportunity to send a screenshot to ZDNet of the web interface that was used to attack the BBC. If the screenshot is legitimate, the group allegedly employed their own tool called BangStresser to launch an attack of up to 602 Gbps – a volume of traffic that well-surpasses the largest attack on record at 334 Gbps, as documented by Arbor Networks in the middle of year. Not untypically, BangStresser is itself protected from DDoS attacks by CloudFlare – one of the popular DDoS mitigation services often deployed by websites keen to protect themselves from attackers. The attack apparently made use of two Amazon Web Services servers, but managed to skirt around the company’s automated misuse detection systems as Ownz explained in an interview with ZDNet : “We have our ways of bypassing Amazon. The best way to describe it is we tap into a few administrative services that Amazon is use to using. The [sic] simply set our bandwidth limit as unlimited and program our own scripts to hide it.” No other information has yet been provided about the attack. But whatever else transpired, the group was sufficiently pleased that they decided to use BangStresser to launch a DDoS against Donald Trump’s official campaign website, donaldjtrump.com, just a few days later. According to Softpedia , Trump’s website went down immediately on Saturday, January 2 and remained dark for several hours until DDoS mitigation solutions were put in place. The attacks, however, remained ongoing throughout the day against mail.trump.com domain, the Trump Organization’s Webmail service. Trump’s camp has yet to officially address the incident. A statement posted on Saturday by Trump’s campaign advisers (and redistributed via HackRead ) attributed the downage to “an unusually high volume of traffic” only. On Monday, Real Forums sat down with members of the group to inquire about their New Year’s exploits. Here’s what they had to say: “Our reasons behind the BBC attack was just a test of our capabilities. Although, the Trump site was the target. He can be very racist. We didn’t mean to cause as much damage as we did to BBC, but for Trump, Yes.” The group goes on to state that it plans to launch additional DDoS attacks against Trump and other large organizations like the BBC . The group also specifically mentions ISIS and the Ku Klux Klan as future targets. We’re not a week into 2016, and we’ve already witnessed DDoS attacks that have succeeded in taking down the websites of major news organizations and U.S. political candidates. It just goes to show that while malware is on the rise, DDoS attacks are not going anywhere in the New Year. As we all get back to work, we should therefore take the time to make sure our enterprises have the necessary DDoS mitigation technologies in place. Source: https://www.grahamcluley.com/2016/01/ddos-gang-takes-bbc-websites-donald-trumps-campaign-site-holiday-weekend/

Continue reading here:
DDoS gang takes down BBC websites, Donald Trump’s campaign site over holiday weekend

BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities

Hackers against the Islamic State or ISIS have claimed that the BBC website downtime during New Year’s Eve was their DDoS attack, but with no bad intentions. BBC websites were down for several hours during the evening before January 1, 2016. A company source inside BBC admitted that there was a distributed denial of service attack that took the websites down. Now, anti-ISIS hacker group named as New World Hacking is claiming that they were the reason why the BBC websites were unavailable for a quite long duration. However, they did not hack the website to cripple its capability to disseminate news and such. New World Hacking said that they were just testing their capabilities on BBC’s servers. They did not intend to take the site down for hours. “Let me get you proof of our records really quick, our motive was simply because we can. It was almost exactly a 600 GBps attack. We used two nodes to attack with and a few extra dedicated servers. It was only a test, we didn’t exactly plan to take it down for multiple hours. Our servers are quite strong,” the group told Rory Cellan-Jones from BBC via Twitter. DDoS Attacks In A Nutshell For the uninitiated, a DDoS attacks does not really involve a direct “hack” or penetration of a database, but it could be used as a cover. What happened was that the BBC websites experienced a massive flow of web traffic that came from the hacker group. The websites were not able to keep up with the continued barrage of web traffic, resulting it into shutting down. There are different types of DDoS attacks that can be carried out. Some of the attacks directly flood the websites with more traffic than it can handle. Some send only fragments of data packets, which usually leads to the server piecing it back together instead of catering to their legit site visitors. In order to conduct a successful DDoS attack, hackers usually use a wide network of computers known as botnets. These botnets may consist of their own computers or compromised ones across the globe using their own malware. Attack Only A Test, Not Malicious New World Hacking said that they are based in the United States and that they are determined to take down any ISIS affiliated sites and online accounts. Anonymous has previously declared a cyber-war against ISIS as they continuously help in taking down online propaganda and recruitment sites. BBC’s press office refused to comment on the hacker group’s claim. They also did not confirm nor deny if the DDoS attack was the cause of the website’s temporary downtime. “We realise sometimes what we do is not always the right choice, but without cyber hackers… who is there to fight off online terrorists? The reason we really targeted [the] BBC is because we wanted to see our actual server power,” the group told BBC. One person named Ownz from the hacker group said that they were only a team of 12 people. Eight of them were male and four of them were female. Ownz claims that New World Hacking was formed in 2012. Hacker groups are not new, but only a handful of them have actual good intentions. With ISIS trying to recruit followers and jihadists online, these hackers have stepped up to try and stop them from doing so. Some Internet users are cheering them on, while some have questioned their methods and capabilities. At the core, all the soldier deployed across the globe are considered heroes and not the hackers. New World Hacking Campaigns New World Hacking claims that they have already done their part in making the world a better and safer place. They took part in the #OpParis effort in order to help determine the identities of IS affiliated accounts after the terrible Paris attack tragedy in November 2015. Ownz also said that they took part in a campaign against the Ku Klux Klan. Ownz said that they are using a hacking tool named Bangstresser. They claim that they have already used the tool against several IS websites. Bangstresser was said to be developed by another U.S.-based hacker activist. New World Hacking tried out the tool against the BBC websites along with several of their personal computer servers and possibly botnets. Ownz told the BBC that they are planning to attack a new list of ISIS targets online. It is unclear which sites they are referring to, but they were not disclosed in order to help protect the integrity and effectiveness of their campaign. BBC Websites And Services Downtime BBC websites started to be down at around 7 PM on Thursday. Instead of the website interface, they were greeted with an error. In addition to the websites, their iPlayer Radio app and iPlayer catch-up service were also down. The iPlayer app was recently launched for the Apple TV App Store in December 2015. Twitter (NASDAQ: TWTR) users replied to the BBC Press Office’s announcement that they were aware of the “technical issue.” Some have said suggested that they should try turning their servers off and on again. Some have also taken the news in a lighter tone, saying that the HR department should be blamed for insisting the unused leaves be used before 2015 ended. Others took the chance to mock BBC, saying that they shouldn’t rush because they know BBC is telling the truth when they are silent. Other users have also asked if it was DDoS attack, but no replies were given by BBC. Some users have also reported that the BBC Bitesize and BBC Food recipes were down as well. BBC websites started to be back online at around 10:30 PM. However, some of the websites took longer than usual to load. All of the services and websites functioned normally several hours more after. New World Hacking did not say why they chose the BBC services and websites as a test target for their attacks. However, one possible reason is to demonstrate the scale and power of their attacks by attacking one of the most known broadcasting corporations in the world. Source: http://www.biztekmojo.com/001843/bbc-websites-services-taken-down-anti-isis-hacking-group-testing-their-capabilities

Continue Reading:
BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities

BBC reports on BBC tweet about BBC websites DDoS

The BBC’s website and iPlayer service went down on Thursday morning following a cyber attack causing widespread panic on social media A BBC Technology journalist later posted an article on their website saying a “large web attack” had “knocked” their websites offline. Sources within the BBC said the sites were down “thanks to what is knows as a ‘distributed denial of service’ attack”. A National Crime Agency spokesperson said: “DDOS is a blunt form of attack which takes volume and not skill. It’s a very basic attack tool. One analogy is too many people trying to get through a revolving door at the same time so that the door gets stuck.” Social media reaction to the trouble was swift. Many urged the BBC to get the site back up quickly and lamented how long it was taking to fix the technical trouble. Among the Twitter users to pass comment was Stephen Fry. Professor Tim Watson, Director of Cyber Security at the University of Warwick, said: “The BBC site will expect lots of traffic and they are a high profile target so you would expect them to have all kind of protection against a DDos attack. “They will be used to having lots of visitors but usually people visit the site at different times and are not repeatedly asking for lots of information. “The way a DDos attack works is by having control of thousands or millions of computers on a ‘botnet’ – so as people get their computers compromised by visiting websites or clicking on malicious links in emails, they can be remotely controlled and then coordinated to all visit a website at the same time. “So you can have millions of computers all making repeated visits to the same page over and over again and that is how you flood a website to the point where legitimate users can’t get access.” Professor Watson said there are a number of ways big corporations can protect against these kind of attacks but they are expensive. One way of protecting a site is to have something called “fat pipes” – very large data cables capable of dealing with incredibly high amounts of traffic – combined with really fast computers which can filter out anything like DDos traffic and re-route legitimate traffic back to the main website. But Professor Watson asked: “Is it a good used of licence payers’ money to have fatter pipes just on the off chance that one day someone might want to take down the BBC website with a DDos attack?” Cyver security expert Professor Alan Woodward, from the University of Surrey, said an attack like this needs a “degree of coordination”. He said: “I would have thought this could have been so-called hacktivists. The bbc has a large and sophisticated structure themselves and I know they have systems in place to mitigate it so it might have been slightly more than the usual DDoS attack. I cant see why a cyber criminal would do this, they do this for money, the only people who do this to make a point are hacktivists. “You have these groups who are doing this to make a point. Nation states often have the capability to do it. The motives tend to be where you have some group like these active hacker squad, phantom squad and lizard squad who do it.” An official BBC spokesperson said the corporation “are not discussing the causes” of the shutdown “or going into any further detail”. The BBC’s main website is the 89th biggest in the world, according to web analytics firm Alexa, and is the seventh-ranked site in the UK. Twitter goes into meltdown As BBC technicians frantically attempted to work out how to get their website back up and running, Twitter users had a lot of fun as #BBCDown began trending. The corporation apologised for the inconvenience on a number of Twitter feeds, blaming the website and its iPlayer services going down for over an hour on a “technical issue”. It later emerged the corporation had suffered a DDoS – a distributed denial of service – attack. Source: http://www.telegraph.co.uk/news/bbc/12075679/BBC-website-crashes-and-Twitter-goes-into-meltdown.html

Excerpt from:
BBC reports on BBC tweet about BBC websites DDoS

Massive DDoS Attacks of Over 1 Million Queries Per Second Threaten Root Servers That Support The Global Internet

Today, we share a blog post from Looking Glass’ Director of Product Management, Patrick Lynch, as he discusses distributed denial of service (DDoS) attacks on DNS root servers. On Nov 30 and again on Dec. 1, massive DDoS attacks against several Internet based DNS root servers with volumes of over 1 million queries per second threatened the global Internet. There is speculation that the attack was initiated by ISIS (here). Not only is this a risk to the Internet as a whole, but also impacts the Internet Service Providers (ISPs) that are the unfortunate middle link in the attack and whom the majority of Internet access depends on. Although the target was the DNS root servers, the intermediate ISPs probably were more severely impacted by the sudden spike in the traffic load due to the relationship between DNS authoritative and recursive servers. Verisign provided additional information showing why the source IPs were spoofed, and the root servers’ users group also published some information. Arstechnica also has a description of the event. There are a number of actions that are available to an ISP that mitigate both the attacks on the DNS root servers, and on the ISP itself: Ingress filtering by source IP address – Routers can enforce BCP38 that only allows traffic to originate with source IP addresses that are valid for that ISP. This will also prevent source and destination addresses from being the same. If Ingress filtering is not practical, then having a DNS firewall will provide similar capabilities to ingress filtering as well as additional capabilities such as: Only allow queries from allowed IP ranges Rate limit queries by source IP or destination IP to prevent volumetric attacks Rules that prevent DNS responses (as opposed to queries) going to the root servers When an upstream DNS server is busy (as in a DDOS attack), automatically generate a server unavailable error and do not add to the DDOS attack Securing DNS is challenging given the nature of the protocol and the fact that the DNS ports must be left open to ensure continuous delivery of DNS services to Internet attached devices. Source: https://lgscout.com/massive-ddos-attacks-of-over-1-million-queries-per-second-threaten-root-servers-that-support-the-global-internet/

Cyber criminals not to blame for all DDoS attacks, study shows

There is a real concern that many companies are being affected by the DDoS attacks commissioned by competitors, according to Kaspersky Lab Distributed denial of service (DDoS) attacks are associated with criminal activity, but not all those behind DDoS attacks are cyber criminals, research has revealed. Nearly half of more than 5,500 companies polled in 26 countries claimed to know the identity and motivation behind recent DDoS attacks, and 12% named competitors as the most likely culprits. This suspicion increases in the business services industry, with 38% of respondents in this sector believing their competitors were behind a DDoS attack, according to a survey by Kaspersky Lab and B2B International. However, 18% attributed recent DDoS attacks to criminals seeking to disrupt or distract while another attack took place; 17% to criminals seeking to disrupt their services for a ransom; 11% to political activists; and 5% to state-sponsored activities. The most popular motivation for the attacks is believed to be a ransom, cited by 27% of respondents in the manufacturing and telecoms sectors. “DDoS attacks are no longer just about cyber criminals seeking to halt a company’s operations,” said Evgeny Vigovsky, head of DDoS protection at Kaspersky Lab. “Businesses are becoming suspicious of each other, and there is a real concern that many companies – including small and medium ones – are being affected by the underhanded tactics of their competitors, which are commissioning DDoS attacks directly against them, damaging their operations and reputation,” he said. In the light of this trend, Vigovsky said all businesses should remain vigilant and fully understand the repercussions of a DDoS attack in terms of the potential financial and reputational damage. “It is wise not to pay a ransom, or to fall victim to cyber criminals or competitors. Ensure that you have the appropriate security measures in place to help manage the increased risk posed to your business from DDoS attacks,” he said. Looking ahead to 2016, security firms expect to see an increase in the tactic of using DDoS attacks to distract companies from other, more damaging malicious activity on their networks, such as data theft. The use of DDoS, or the threat of DDoS attacks, as a way of extorting money is also expected to continue and increase in the coming year. According to the study, 20% of companies with 50 employees or more reported that they have been the victim of at least one DDoS attack, with companies in the telecoms, financial services and IT sectors the most likely to be targeted. The study also revealed that 50% of DDoS attacks led to a noticeable disruption of services; 26% led to the loss of sensitive data; 24% led to services being completely unavailable; and 74% led to a noticeable disruption of service, which coincided with a different type of security incident, such as a malware attack, network intrusion or other type of attack. According to Kaspersky Lab, the average cost for recovering from a DDoS attack for companies of more than 1,500 employees is $417,000, and $53,000 for small and medium businesses (SMBs). Yet 56% of those polled thought that spending money to prevent or mitigate DDoS attacks in future would be worth the investment, 53% said their organisation knew how to mitigate or prevent DDoS attacks, and only 52% felt well-informed about DDoS attacks. Despite the cost and complexity of dealing with DDoS attacks, the Kaspersky Lab research said the average financial damage of a DDoS attack is significant, especially for SMBs, and is definitely higher than the cost of a service designed to reduce the effect of such attacks. “DDoS prevention is almost always a third-party service, and outsourcing this trouble to experts not only reduces the damage but also frees up IT personnel to deal with a probable complementary attack on a company infrastructure, which will have much worse consequences,” the report said. Source: http://www.computerweekly.com/news/4500260544/Cyber-criminals-not-to-blame-for-all-DDoS-attacks-study-shows

Taken from:
Cyber criminals not to blame for all DDoS attacks, study shows

OpTrump: Anonymous declares war on Donald Trump with DDOS attack following Muslim ban speech

Hacktivist group Anonymous has continued to add to its list of targets, with controversial US presidential candidate Donald Trump the latest in the crosshairs. Following Trump’s radical speech stating he wanted to ban Muslims from entering the US, Twitter accounts linked to the group declared war. The OpTrump campaign launched last night (9 December) with the first piece of business taking down Trump’s website www.trumptowerny.com for several hours by hitting it with a DDOS (distributed-denial-of-service) attack, which crashed the site. One Twitter user posted a picture of the hack, claiming the site was “almost down”. Anonymous posted a video online in response to Trump’s comments and warned of the repercussions of his words. “Donald Trump, it has come to our attention that you want to ban all Muslims from entering the United States. This policy is going to have a huge impact. This is what Isis wants. The more Muslims feel sad the more Isis feels they can recruit them. The more the United States appears to be targeting Muslims, not just radical Muslims you can be sure Isis will be putting that on their social media campaign,” said a masked member of the hacktivist group. While Anonymous has yet to officially claim responsibility for the DDOS attack, Twitter users showed full support of the group and its campaign. In the grand scheme of things this was a fairly tame attack, as the website is still running as normal at the time of writing, but it did serve as a digital slap to show this could be the first of many targeted operations against Trump. Anonymous is also busy taking on Islamic State by organising an official Isis Trolling Day called “Day of Rage” on 11 December, where it is encouraging an uprising of social media users to post content mocking the terror group. They issued a list of actions in a statement that includes reporting accounts of Isis sympathisers, posting mocking photos and use mocking hashtags. There will also be organised demonstrations held around the world. Source: http://www.ibtimes.co.uk/optrump-anonymous-declares-war-donald-trump-ddos-attack-following-muslim-ban-speech-1532739

DNS Root Servers Hit by DDoS Attack

Unknown parties carried out a large-scale DDoS attack on the Internet’s DNS root servers, causing slight timeouts for four nodes, more exactly on the B, C, G, and H servers, RootOps reports. There were two different attacks, one launched on November 30 that lasted 160 minutes (from 06:50 to 09:30 UTC), and a second, shorter one on December 1 that lasted only one hour (from 05:10 to 06:10 UTC). RootOps, the DNS root server operators, are reporting that the attacks were valid DNS queries addressed towards one domain in the first attack, and to a different domain on the second day. Each attack blasted up to five million queries per second per DNS root name server. RootOps has no hopes to catch the culprit, since IP source addresses can be easily spoofed, and the source IP addresses used in the DDoS attack were very well spread and randomized across the entire IPv4 address space. The DDoS didn’t cause any serious damage, but a mere delay for some users making DNS queries via their browser, FTP, SSH, or other clients. DNS protocol’s design saves the day “The DNS root name server system functioned as designed, demonstrating overall robustness in the face of large-scale traffic floods observed at numerous DNS root name servers,” said the DNS root server operators, referring to the fallback system employed by DNS servers. Because of the way DNS is constructed, on a mesh-like structure like the Internet itself, if one server does not respond, other servers intervene and provide a DNS query result. The DNS root server operators did not speculate on the reasons this massive attack was carried out against their infrastructure but did say this was not the result of a reflected DDoS attack. RootOps recommended that ISPs that don’t want to allow DDoS attacks that use IP address spoofing to be carried from their network should implement Source Address Validation and the BCP-38 specification. Source: http://news.softpedia.com/news/dns-root-servers-hit-by-ddos-attack-497363.shtml

Read this article:
DNS Root Servers Hit by DDoS Attack