Tag Archives: stop ddos attacks

Security fears for ACT’s govt files

The ACT government’s computer systems fought off more than a million attempts to compromise their security in the nine months to April, the territory’s auditor-general has found. And despite a ”denial of service” attack on a key government website just as the audit was coming to an end, auditor Maxine Cooper has found the territory’s information security system is ”robust”. But Dr Cooper’s report found 95 per cent of the 1025 information management systems in the government’s sprawling network were not complying with the requirement to have a security plan and even fewer had undertaken a threat-and-risk assessment. Advertisement: Story continues below Dr Cooper’s office audited the government’s computer network nine months before March, but as the audit period came to a close, the Justice and Community Safety Directorate’s website came under successful attack. The department, which holds sensitive information from the city’s justice agencies, was targeted by the Anonymous group in what is believed to be a case of mistaken identity. The hackers appeared to believe they were attacking the Australian ”justice department”, protesting the federal government’s attitude toward WikiLeaks founder Julian Assange. Dr Cooper warned that unauthorised accessing of information held by the government, including health and medical records, criminal records, case management records and sensitive government documents could cause strategic damage. But Dr Cooper found successful attacks were externally exceptional in an otherwise good security record for the territory but which could be improved if all government websites were internally hosted. ”The protection of the ACT government network is robust,” the Auditor-General said yesterday. ”Shared Services ICT Security Section’s security regime has successfully defended against over one million attempts to access the ACT government’s network in the nine-month period to 31 March, 2012. ”Future similar breaches could be minimised if all directorate and agency websites were hosted on the ACT government network ran ACT government endorsed supplier.” Dr Cooper also wants to see improvements, including more IT bureaucrats reading up on the essential documents governing security. ”While the administrative structures and processes that support whole and procedures are overall satisfactory there are some shortcomings,” Dr Cooper said. ”ICT security governance is based on the Protective Security Policy and Guidelines which is the ACT government’s pre-eminent protective security document. ”However it is unclear if the status of this document is well understood or if adequate processes exist to ensure that directorates and agencies are complying with it.” The auditor was also unhappy with a failure to put plans in place to secure information management systems in the government network ”Despite it being a requirement, only 5 per cent of the ACT government’s 1025 information management systems have a system security plan; and even fewer, some 2.24 per cent have a threat-and-risk assessment,” she said. Source: http://www.canberratimes.com.au/act-news/security-fears-for-acts-govt-files-20120608-201v5.html

See the original article here:
Security fears for ACT’s govt files

North Korea ships malware-infected games to South Korean users, uses them to launch DDoS attacks

According to an independent report published in Korea’s JoongAng Daily, Seoul’s Metropolitan Police Agency has intercepted a cyber attack plot orchestrated by North Korea’s Reconnaissance General Bureau, which successfully shipped malware-infected games to South Korean users which were later on used to launch a DDoS attack against the web site of Incheon Airport. More details: According to the police, the South Korean man, identified by the surname Jo, traveled to Shenyang, northeastern China, starting in September 2009 and met agents of an alleged North Korean trading company. He allegedly asked them to develop game software to be used in the South. Jo purchased dozens of computer game software for tens of millions of won, which was a third the cost of the same kind of software in the South. The games were infected with malignant viruses, of which Jo knew, an official at the police agency said. Jo sold the games to South Korean operators of online games. When people played the games, the viruses used their computers as zombies, through which the cyberattack was launched. This is the second attempt by North Korea in recent months to engage in electronic warfare with South Korea, following the use of GPS jammers causing difficulties in air and marine traffic controls. What’s particularly interesting about North Korea’s infection vector in this campaign, is that it’s not a novel approach to spread malware. Instead, it relies on a chain of trust, from the unknown origin of the produced games, to the sellers claims that they are malware-free, and ultimately targets bargain hunters. In the past, software piracy has proven to be a key driving force behind the growth of malware campaigns internationally. Distribution of malware-infected games greatly reminds me of a case which happened in Eastern Europe in the 90s where a malware coder participating in a popular IT magazine’s coding contest, on purposely backdoored his game, which ended being shipped to thousands of subscribers on a magazine-branded CD. Although a good example of a flawed QA (Quality Assurance) on behalf of the magazine, South Korean authorities claim that the person who purchased the games actually knew that they were infected with malware, hence the lower price for purchasing them. Just how big of a cyber threat is North Korea? It’s an emerging market player, having actively invested in the concept over the years, that’s for sure. In my recent conversation with cyber warfare expert Jeffrey Carr, he pointed out that he doubts Russia or China will knowingly supply the irrational North Korea with cyber warfare ‘know how’. However, Russia or China’s chain of command doesn’t need to know that this outsourcing will ever take place, as North Korea could easily outsource to sophisticated cybercriminals doing it for the money, not for the fame. Summary: Seoul’s Metropolitan Police Agency has intercepted a cyber attack plot orchestrated by North Korea’s Reconnaissance General Bureau, which successfully shipped malware-infected games to South Korean users. Source: http://www.zdnet.com/blog/security/north-korea-ships-malware-infected-games-to-south-korean-users-uses-them-to-launch-ddos-attacks/12383

See more here:
North Korea ships malware-infected games to South Korean users, uses them to launch DDoS attacks

Indian ISPs targeted in Anonymous censorship protest

The websites of Indian government-run communications company Mahanagar Telephone Nigam and the Internet Service Providers Association of India faced DDoS (distributed denial of service) attacks from Anonymous on Wednesday as some Internet service providers continue to block file-sharing websites following a court order. ISPs are only following the orders of the court which are supreme, said Rajesh Chharia, president of ISPAI, who was doubtful that the association’s website had been affected by the hackers. The Indian arm of Anonymous previously attacked some government websites, and those of some political parties. Last month, users reported that the hackers tinkered with the service of a large ISP, Reliance Communications, redirecting its users from sites like Facebook and Twitter to a protest page. The hackers also claimed to have attacked the website and servers of Reliance, and got access to a large list of URLs blocked by the company. Reliance denied its servers were hacked. The attacks follow a March court order directing ISPs to prevent a newly released local movie from being available online in pirated versions. Some ISPs blocked some file-sharing sites altogether, rather than any offending URLs. The measures taken by the ISPs have differed depending on their interpretation of the order, Chharia said. Some websites such as The Pirate Bay continue to be blocked by some ISPs and carried the message, “This website/URL has been blocked until further notice either pursuant to Court orders or on the Directions issued by the Department of Telecommunications.” Pastebin is also not accessible through some ISPs. Internet service providers are against censorship, and also against piracy, Chharia said. “It is up to the government and various groups to come to a resolution,” he added. The responsibility of intermediaries has been a controversial issue in India, with some Internet companies including Google and Facebook sued in court late last year for objectionable content found on their sites. Their websites have been attacked as blocks on some file-sharing sites continue Anonymous meanwhile plans on June 9 what it describes as non-violent protests across many cities in India against censorship of the Internet in the country. It claims to have already received police permission for some of the protests. The scope of the protests has widened to include demands for changes in the India’s Information Technology Act, which among other things allows the government to block websites under certain conditions, and also allows the removal of online content by notice to ISPs. The government is also in the process of framing rules that will put curbs on freedom on social media, according to the hacker group. Source: http://www.computerworld.com/s/article/9227804/Indian_ISPs_targeted_in_Anonymous_censorship_protest

See more here:
Indian ISPs targeted in Anonymous censorship protest

White House unveils initiatives to combat botnets

The Obama administration on Wednesday revealed new initiatives to combat botnets, believed to present one of the greatest threats to the integrity of the internet. Botnets are employed by cyber thieves to gain control of computers to perform illegal activities, including siphoning off assets, initiating denial of service (DoS) attacks, which could shut down a targeted website, or distributing spam. The initiatives stem from a voluntary public-private partnership between the White House Cybersecurity Office and the U.S. Departments of Commerce and Homeland Security (DHS), which coordinate with private industry to lead the Industry Botnet Group (IBG), a group of nine trade associations and nonprofit organizations representing thousands of companies. “The issue of botnets is larger than any one industry or country,” said White House Cybersecurity Coordinator Howard Schmidt at an event to announce the program (Schmidt recently announced his resignation). Also present at the event were Federal Communications Commission Chairman Julius Genachowski, Department of Homeland Security Secretary Janet Napolitano, Under Secretary of Commerce for Standards and Technology Patrick Gallagher, and a number of industry CEOs. According to an administration official who spoke with SCMagazineUS.com on Friday, “industry deserves credit for the real work in getting this done.” He said that the strategy goes back to a Commerce greenpaper on cyber security looking at areas where the government saw a solution in the private sector that could alleviate the botnet problem, but was not gaining traction and collective action. “Companies didn’t want to invest if other companies weren’t,” the administration official said. A call went out from the Departments of Commerce and Homeland Security to the private sector to find ways to build incentives for companies to implement best practices around botnets. “We were pleasantly surprised to find so much agreement,” the official said. A series of meetings at the White House followed, led by Schmidt, which led to the writing of IBG’s “Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace,” he said. “Cybersecurity is a shared responsibility – the responsibility of government, our private sector partners and every computer user,” Napolitano said at Wednesday’s event, according to a release. “DHS has set out on a path to build a cyber system that supports secure and resilient infrastructure, encourages innovation, and protects openness, privacy and civil liberties.” The Online Trust Alliance (OTA) was also at the event to support the IBG’s principles. “We have a shared responsibility to commit resources to address the growing threats from botnets, which threaten to undermine the digital economy,” Craig Spiezle, executive director and president, Online Trust Alliance, said in a statement. “Preserving online trust and confidence needs to be a priority and the broad adoption of the Industry Botnet Group principles is an important step toward protecting the internet.” Source: http://www.scmagazine.com/white-house-unveils-initiatives-to-combat-botnets/article/243712/

Continue Reading:
White House unveils initiatives to combat botnets

DoS crashes updated iPads, iPhones

A denial of service attack has been disclosed in the latest version of Apple iOS. The attack targets Safari in iOS 5.1.1 and a proof of concept was published online. Alienvault security researcher Alberto Ortega said the attack may also affect previous versions of the Apple operating system. The attack was successfully demonstrated on iPhone, iPad and iPod Touch. Ortega said the error was a “step to achieve a real exploitation”. “iOS has a lot of mitigations to avoid successful exploitation,” Ortega said. “This software has errors and holes but you will need to bypass those hard mitigations and find more weaknesses to have something “usable’.” Ortega reported the error to Apple at the time of disclosure but had no response from the notoriously security silent company. “When JavaScript function match() gets a big buffer as parameter the browser unexpectedly crashes. By extension, the function search() is affected too,” Ortega said in the advisory. Source: http://www.crn.com.au/News/302620,dos-crashes-updated-ipads-iphones.aspx

Taken from:
DoS crashes updated iPads, iPhones

US Firms Are Over-Reliant on Firewalls to Protect Against DDoS Attacks

By John E Dunn, techworld.com More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found. The survey of 1,000 US-based IT professionals across a range of industries found that only 3 percent were using DDoS mitigation systems or services, with a quarter claiming they had no protection whatsoever against the threat. Eleven percent used intrusion detection/prevention systems even though such technology is (in common with firewalls, routers and switches) widely seen as an inadequate defence against contemporary DDoS bombardment, Neustar said. “Experts point out that during DDoS attacks these ‘defences’ become part of the problem. They quickly become bottlenecks, helping achieve an attacker’s goal of slowing or shutting you down. Moreover, firewalls won’t repel attacks on the application layer, an increasingly popular DDoS vector,” the authors note. A third of those questioned said DDoS attacks lasted for a day or more with 11 percent mentioning over a week. There didn’t appear to be any clear pattern that related attack length to industry segment, except that the travel industry appeared slightly more vulnerable to attacks lasting longer than 24 hours. Two thirds said the direct cost of all this DDoS was about $10,000 (£6,200) per hour or $240,000 per day, with 13 percent reckoning it as being $100,000 per hour. The most vulnerable to high costs was retail, a sector that depends on online sales to generate cashflow, followed by finance. The main anxiety in advance of DDoS attacks was the negative impact on customers, ahead of brand reputation damage and even direct costs. Companies such as Neustar have a vested interest in talking up the difficulty of dealing with DDoS the better to market protection services. However, the company said it accepted that there was no simple answer to countering DDoS attacks; even the best protection systems available still required trained, skilled staff to deploy and manage them. “With attacks becoming more sophisticated – mixing brute-force bandwidth assaults and surgical strikes on applications – in-depth knowledge and experience make a huge difference. There is no ‘magic box’ that can out-think attackers on its own.” Source: http://www.pcworld.com/businesscenter/article/255772/us_firms_are_overreliant_on_firewalls_to_protect_against_ddos_attacks.html

View original post here:
US Firms Are Over-Reliant on Firewalls to Protect Against DDoS Attacks

Check Point Survey Reveals More Than Half of Targeted Attacks Reported Were Driven by Financial Fraud

Denial of Service Attacks and Botnets Pose Increased Risk to Organizations, With Successful Attacks Costing Businesses Over $100,000 per Incident REDWOOD CITY, CA, May 22, 2012 (MARKETWIRE via COMTEX) — Check Point(R) Software Technologies Ltd. CHKP +0.04% , the worldwide leader in securing the Internet, today announced the results of a new survey revealing 65 percent of organizations who experienced targeted attacks report the hacker’s motivation was driven by financial fraud, and resulted in business disruption and the loss of sensitive information, including intellectual property and trade secrets. The report, The Impact of Cybercrime on Businesses, also showed companies reporting an average of 66 new security attack attempts per week, with successful incidents costing businesses anywhere from $100,000 to $300,000. Among the list of top threats, Denial of Service (DoS) attacks were said to pose the greatest risk to organizations. Cybercriminals today are increasingly leveraging malware, bots and other forms of sophisticated threats to attack organizations for various reasons — from financial gain and disruption of business operations to data theft or attacks driven by political agendas. Regardless of motivation, new variants of malware are being generated on a daily basis, often targeting multiple sites and organizations to increase the likelihood of an attack’s initial success and the potential for threats to spread quietly throughout an organization. “Cybercriminals are no longer isolated amateurs. They belong to well-structured organizations, often employing highly-skilled hackers to execute targeted attacks, many of whom receive significant amounts of money depending on the region and nature of the attack,” said Tomer Teller, security evangelist and researcher at Check Point Software Technologies. “Cybercrime has become a business. With bot toolkits for hackers selling today for the mere price of $500, it gives people insight into how big the problem has become, and the importance of implementing preemptive protections to safeguard critical assets.” According to the survey, SQL injections were cited as the most serious types of attacks organizations had experienced in the last two years, and more than one third of respondents had each experienced APTs, botnet infections and DoS attacks. Following investigations of targeted threats, respondents reported the biggest consequences were a disruption to their business and the loss of sensitive data and intellectual property. “For the most part, the goal of attackers is to obtain valuable information. These days, credit card data shares space on the shelves of virtual hacking stores with items such as employee records and Facebook or email log-ins, as well as zero-day exploits that can be stolen and sold on the black market ranging anywhere from $10,000 to $500,000,” added Teller. “Unfortunately, the rate of cybercrime seems to be climbing as businesses experience a surge in Web 2.0 use and mobile computing in corporate environments — giving hackers more channels of communication and vulnerable entry points into the network.” “Companies are constantly facing new and costly security risks from both internal and external sources that can jeopardize the business,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “While the types of threats and level of concern companies have may vary across regions, the good news is that security awareness is rising. Across the board, C-level executives reported high levels of concern about targeted attacks and planned to implement security precautions, technology and training to mitigate the risk of targeted attacks.” Key Findings from the Report: – Primary Motivations of Targeted Threats – Following investigations of cyber-attacks within organizations surveyed, the majority of respondents reported financial fraud (65%) as the cybercriminal’s primary motivation, followed by intent to disrupt business operations (45%) and stealing customer data (45%). Approximately 5% of security attacks were estimated to have been driven by political or ideological agendas. – Cybercrime comes in all shapes and forms – On average, respondents reported SQL Injections as the most serious security attacks experienced in the last two years, and more than one third of respondents said they experienced APTs (35%), botnet Infections (33%) and DoS attacks (32%). – Targeted attacks continue to be costly – Survey participants estimated a single, successful targeted attack costing an average of $214,000 USD. In Germany, respondents reported a higher average estimate of $300,000 per incident, and Brazil with a lower average of $100,000 per incident. Estimates include variables such as forensic investigation, investments in technology and brand recovery costs. – Most Common Threat Vectors – When asked to rank employee activities that pose the greatest risk, all regions unanimously cited the use of mobile devices — including smartphones and tablet PCs — as the biggest concern, followed by social networks and removable media devices such as USB sticks. – Current technology investments – While the majority of companies have important security building blocks in place, such as Firewall and Intrusion Prevention solutions, less than half of companies surveyed have advanced protections to fight botnets and APTs. However, the majority of organizations in Germany and the US are beginning to deploy solutions more specific to addressing cyber-risk such as anti-bot, application control and threat intelligence systems. – Security Training and Awareness – Only 64% of companies say they have current training and awareness programs in place to prevent targeted attacks. Cybercriminals are focused on valuable data that is worth the time and risk; therefore, it has become imperative for enterprises to focus their security efforts there as well. Businesses should start by identifying critical data and assets and enforce multi-layered threat prevention. While thousands of companies have already been targets of bots and advanced threats, businesses have the responsibility to stop it from spreading. For more information about how Check Point helps customers mitigate the risk of cybercrime, visit: http://www.checkpoint.com/campaigns/r75.40/index.html . The report, The Impact of Cybercrime on Businesses, surveyed 2,618 C-level executives and IT security administrators in the US, United Kingdom, Germany, Hong Kong and Brazil. The survey sample represents organizations of all sizes and across multiple industries, including financial, industrial, defense, retail, healthcare and education. For more information and to view the full report, visit: http://www.checkpoint.com/products/downloads/whitepapers/ponemon-cybercrime-2012.pdf . About Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. ( www.checkpoint.com ), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point’s award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft. SOURCE: Check Point Software Technologies Ltd. mailto:press@us.checkpoint.com mailto:ir@us.checkpoint.com http://www.marketwatch.com/story/check-point-survey-reveals-more-than-half-of-targeted-attacks-reported-were-driven-by-financial-fraud-2012-05-22