Tag Archives: stop-ddos

How Norway’s biggest news site protects itself from DDoS attacks

Every day hackers attack Norway´s largest news site, VG. But not without risk. VG has both helped the police put hackers behind bars and alerted mothers about what their adventurous sons are up to. VG.no is one of the most successful news sites in the world. Every week 4 million Norwegians – out of a population of 5 million – visit the site for the latest news. But that also makes VG.no a target for hackers. “Whenever there is a new security hole discovered, someone want to try it on VG,” says Audun Ytterdal, head of IT operations in VG. During the Schibsted Tech Polska Winter Event 2016 he presented “War stories from the ops trenches”, describing how the media house protects itself from a continuous flow of DDoS attacks. Under attack every day VG is well prepared for hacker attacks – and is able to deal with lots of traffic without going down. According to Ytterdal the site can handle up to 30 GB per second. “Usually we see around 10.000 http-hits per second. But during the attacks we can experience up to 100.000 http-hits per second,” he explains. Called the hacker´s mum In the presentation he explains some of the technical measures taken to secure the news site from attack. But he also tells entertaining stories about how the IT staff used their technical skills to identify the hackers. And not always the hackers have everything planned out! Take for instance the young hacker who managed to take over the front page of the business site E24.no with photos of himself in a balaclava taken in his mum´s bathroom. However smart he had been breaking into the site, he had forgotten to remove the location info added to the image file when he took the photo with his mobile phone. “So we could see where he lived – and we called his mum informing her that her son was up to activities she may not approve of,” laughs Audun Ytterdal. Sent hackers to jail In another case the hackers bragged about their achievement on Twitter. That gave the IT operations department the opportunity to contact them directly. After a while they also managed to identify two of the hackers. When one of them posted a photo from a town in Southern Norway, VG was able to locate the exact house it had been taken from with use of Google Street View. The information was given to the police – and the two hackers later had to serve time in jail. Entertaining error page For a news room all alarms go off when the main site is down. And Audun Ytterdal believes it will be very hard to avoid never being shut down. So what to do when it happens? Of course identify and fix the problem. But VG also decided to give people a good laugh by designing an entertaining error page. The error page is a fun version of the normal front page of the site. “The last time we used this we had people tweeting that they would rather see the error page of VG than any other news site,” smiles Ytterdal. Source: http://www.schibsted.pl/2016/02/how-norways-biggest-news-site-protects-itself-from-ddos-attacks/

View the original here:
How Norway’s biggest news site protects itself from DDoS attacks

US Department of Homeland SecuUS Department of Homeland Security Vows To Tackle DDoS Attacksrity Vows To Tackle DDoS Attacks

The contract between Department of Homeland Security (DHS) and Galois was signed in January. However, HackRead had a chance to discuss the contract with Galois. Galois and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) have formalized a contract to develop technology for preventing and combating extensive, sophisticated DDoS (Distributed Denial of Service) attacks . In fact, an official announcement was made by Galois in which the company informed media about signing up a $1.7million contract with the DHS S&T Cyber Security Division. The contract is part of the larger Distributed Denial of Service Defenses (DDoSD) program initiated by the DHS S&T Cyber Security Division. The problem with DDoS attacks is that these can cripple even the most established and largest organizations. These happen to be devastating for small and/or medium-sized businesses. The generated amount of traffic is adequate to drench their internet connections multiple times and it becomes challenging to get the ISP (internet service provider) to take the matter seriously and respond quickly. DHS Developing Technology to Thwart DDoS attacks Quicker than Ever Before The project that DHS is planning with Galois is dubbed as DDoS Defense for a Community of Peers (3DCoP) and it involves peer-to-peer collaboration mechanism with which the organizations detect and combat DDoS attacks by working in cooperation. According to Adam Wick, Galois’ Research Lead, Mobile & Security Systems Software: “Current DDoS defense systems are proving ineffective because they operate in isolation, which introduces delays in the detection, reporting, and response to a DDoS attack. This delay is critical. It provides positive feedback to the attacker, who will continue to send more and more traffic to the target network. Our solution advances the state of DDoS defense by providing new tools that allow multiple defenders to coordinate their response, resulting in earlier detection and faster DDoS mitigation.” It is not a hidden fact that DDoS attacks are a great threat for all kinds of industries and sectors alike such as news entities, financial institutions, critical infrastructure organizations and government agencies, etc. Under the contract with DHS, Galois aims to curb rising DDoS attack threats via the following measures: 1: Minimizing mitigation response duration by at least 50% and 75 to 90 percent reduction in peak traffic 2: 25% reduction in the duration between the launching of DDoS attack and its detection Resultantly, organizations and institutional entities will be able to thwart DDoS attacks prior to its completion. HackRead had a chance to have a conversation with Adam Wick and here’s what we asked and what he replied: Q: How would you like to explain the difference between your services and services provided by other companies? Answer: “Currently, DDoS defense systems fail to address large DDoS attacks that fully “clog” the internet connection. In those cases, locally responding to an attack is no longer possible. In general, most solutions work in isolation, which introduces delays in the detection, reporting, and response to a DDoS attack. To effectively mitigate a large attack, an organization must involve organizations “higher up”, like ISPs, that can stop the flow of malicious traffic. We’re developing a unique collaborative model, where multiple organizations automatically work together to detect DDoS attacks through automatic traffic analysis. They then generate traffic blocking rules for the malicious traffic and send that to ISPs further up the chain. The ISPs can, in turn, block the necessary traffic and mitigate the attacks. One can see the basis of this in the way people react to DDoS attacks now, but many of these steps are manual and require complicated conversations over the telephone. In many cases, the process is further complicated because the parties involved have never spoken before, and have to build trust. After all, the actions that one takes to mitigate a DDoS can also be used to perpetrate an attack, so upstream ISPs need to convince themselves that they’re talking to the right person. What we’re looking to do is speed up this process, dramatically, by automating the detection, analysis, and mitigation steps. At the moment, this mitigation can be automatic, or it can be manual. That way, even if an organization’s ISP isn’t hooked up to our system, network admins will be able to detect the problem early and trust our solution to have all the information (and all the evidence!) they need to convince their ISP to take early and effective action.” Q: How will your firm will defend its client against DDoS attack leading to ransom such as the ProtonMail DDoS attack? Answer: “Ransom in DDoS cases is one of those clear indicators that our current approaches to DDoS defense are failing. Attackers can only ask for ransom when an organization has no way to defend themselves. Ransom cases can be mitigated by having effective DDoS defense that doesn’t allow an attack to become a problem in first place. The most effective defenses in the coming years will take into account the bigger picture by connecting everyone involved, for a more timely response. If we can minimize the effect of large DDoS attacks, we effectively reduce cases where attackers demand ransom.” Galois is a renowned firm in the computer science research and development sector. It has been operating since 1999 and boasts of a world class team of computer science experts, mathematicians, programmers, and engineers. The firm has positioned itself as the world’s most reliable company and is ready to take on even the most challenging computer science related task of the world. It has also partnered with defense and intelligence agencies to develop cutting edge technologies to protect their systems and networks. Very often tech firms consult Galois to create reliable, safe and secure systems for their products and services’ security. Source: https://www.hackread.com/us-homeland-security-vows-to-tackle-ddos-attacks/

See the original article here:
US Department of Homeland SecuUS Department of Homeland Security Vows To Tackle DDoS Attacksrity Vows To Tackle DDoS Attacks

FBI arrests Massachusetts man for Anonymous 2014 cyberattack on Boston Children’s Hospital

The hacktivist group launched multiple distributed denial-of-service attacks against the hospital’s servers in protest of the controversial custody case of Justina Pelletier. The FBI has arrested a hacker suspected of participating in Anonymous’ 2014 DDoS attack against Boston Children’s Hospital, The Boston Globe has reported. He was taken into custody after being rescued from a small boat off the coast of Cuba by a Disney cruise ship. Martin Gottesfeld, 31, of Somerville, Massachusetts, was arrested on Feb. 17 in Miami. He’s due to appear in U.S. District Court in Boston, where he’ll be charged with of conspiring to damage the computers at Boston Children’s and another facility in Framingham, Massachusetts, according to the Globe. He faces up to five years in prison and a $250,000 fine. In April 2014 – in protest of the controversial custody case of Justina Pelletier, who was being kept a patient at Boston Children’s as a ward of the state against the wishes of her parents – hacktivist group Anonymous launched multiple distributed denial-of-service attacks that targeted the hospital’s servers and hamstrung its operations for a week. According to the Globe, the FBI had previously questioned Gottesfeld in 2014. He admitted then that he had posted a YouTube clip calling for attacks on Boston Children’s, but denied participating in them. It’s unclear why he wasn’t charged at that time. But a tip this week about his rescue at sea led agents to Florida to take him into custody. He had three laptops with him, according to an FBI affidavit. In a statement, Boston Children’s thanked federal officials for “apprehending the hacker who led the attack and holding him accountable” – also thanking its own employees, “who assisted the FBI throughout its investigation and who helped build the comprehensive systems and procedures that were able to thwart the attack and protect confidential information.” Source: http://www.healthcareitnews.com/news/fbi-arrests-massachusetts-man-anonymous-2014-cyberattack-boston-childrens-hospital

Link:
FBI arrests Massachusetts man for Anonymous 2014 cyberattack on Boston Children’s Hospital

Anonymous: Hackers plan DDoS campaign against Israeli military to protest Mohammed Al-Qeeq detention

Hacktivists with the Anonymous hacking collective have announced plans to launch widespread DDoS strikes against the Israeli military to protest the ongoing detention of Mohammed Al-Qeeq, a Palestinian journalist who has been on hunger strike since November 2015. Al-Qeeq is a reporter for a Saudi news outlet and was arrested at his Ramallah home on 21 November by Israeli police amid claims was linked to Hamas. According to the Independent, he has been in ‘administrative detention’ ever since, which is permitted under Israeli law to detain someone without referring to a judge on the basis they are a threat to the national security. In the week after his detention he went on hunger strike and after roughly 80 days had lost most of his sight, voice and hearing abilities. “We are calling on all citizens of the world to join us in this fight to free an illegally detained man. We are organising many ongoing operations in relation to this issue,” said the hacktivists in a statement posted to PasteBin, who have branded the so-called ‘emergency operation’ as #OpAlQeeq, #OpSaveGaza and #FreeAlQeeq. The statement requested those taking part in the operation to carry out a range of tasks including calling local Israeli embassys, taking to the streets in protest and raising awareness on social media. However, the note also called for major hacking activity against ‘Israeli military forces’ and posted a slew of IP addresses relating to a range of websites including the defence ministry and the Israeli Defense Force (IDF). “Since it was the Israeli military forces that arrested and detained Mohammed Al Qeeq, then Israel military forces, his blood is on your hands,” the statement said. “We are calling on all ‘anons’ and hacktivists across the world to focus fire on Israeli military forces. Included [are] all websites associated with the Israeli military. Dump them, load them with viruses, DDoS them, break them, whatever you can do or see fit. Security analysis is already underway on all targets. Targets are listed by priority level. If this man dies in the custody of the Israeli military, Israel you can expect hell.” Anonymous has a long history with hacking Israeli targets. Last year, in a video posted online, the group vowed an ‘electronic holocaust’ against the nation in apparent statement in support of Palestine. “As we did many times, we will take down your servers, government websites, Israeli military websites, and Israeli institutions,” said a masked anonymous individual. “We will erase you from cyberspace in our electronic holocaust.” Meanwhile, in a separate attack in 2012, hackers attacks and shut down a number of websites including the Tel Aviv Stock Exchange after they were threatened by a Saudi hacker. A spokeswoman for the stock exchange confirmed at the time that the site had come under attack, but claimed that trading systems were not affected. Even most recently, following the hack at the Department of Justice that resulted in the loss of thousands of federal credentials, the hacker using the @DotGovs twitter profile who was thought to be behind the incident frequently signed off with the now-familiar phrase: #FreePalestine. Source: http://www.ibtimes.co.uk/anonymous-hackers-plan-ddos-campaign-against-israeli-military-protest-mohammed-al-qeeq-detention-1544723

Follow this link:
Anonymous: Hackers plan DDoS campaign against Israeli military to protest Mohammed Al-Qeeq detention

Several bugs detected in IBM Java Runtime could lead to DDoS attacks

Multiple vulnerabilities that could enable a remote attacker to launch a denial-of-service attack have been detected in the IBM Runtime Environment Java Technology Edition v6, according to an IBM Security Bulletin posted on Tuesday. The integrated software is used by Tivoli Composite Application Manager for SOA, a platform which provides management for services, applications and middleware. These bugs, which include the vulnerability popularly known as “SLOTH,” were reported by IBM when it updated Java SDK in January 2016. “The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake,” the bulletin stated. Employing man-in-the-middle techniques, a saboteur could exploit this flaw to mimic a TLS server and glean credentials, IBM wrote. No workarounds or mitigations have yet been provided. Source: http://www.scmagazine.com/several-bugs-detected-in-ibm-java-runtime/article/475405/

Follow this link:
Several bugs detected in IBM Java Runtime could lead to DDoS attacks

Valentine’s Day Inspires DDoS Attacks Against Online Florists

Security vendor Imperva says it has observed a sharp increase in automated bot traffic directed at florist sites. Cyber criminals have shown a consistent tendency to exploit major news and seasonal events to slip phishing and other malicious attacks past unwary victims. And so it is with this Valentine’s Day as well. Florists apparently have been receiving a lot of attention, of the unwanted variety, from online criminals, security vendor Imperva reported this week. All 34 of the company’s florist customers have experienced a sharp spike in traffic to their sites over the last few days. While some of the traffic is to be expected, considering the rush to order flowers for Valentine’s Day — a lot of it is not. According to Imperva, more than nine in 10 of the florist sites witnessed a sudden surge in bot traffic between February 5 and February 11. In about 23% of the cases, the spike in bot traffic was dramatic enough to cause problems. Contrary to what some might expect, the attack traffic did not appear to be opportunistic in nature. Rather, it looked as if the florists were being individually targeted in denial-of-service campaigns apparently designed to extort money from them. Sponsor video, mouseover for sound One of Imperva’s florist customers reported receiving a ransom note, while another experienced an application-layer denial of service attack, Imperva said. In the case of the latter victim, the company’s Content Distribution Network (CDN) provider interpreted the botnet traffic as regular user sessions, resulting in the site exceeding its contracted cache capacity. This in turn caused the CDN to route the attack traffic through its own origin servers, resulting in their site going down under DDoS traffic. A screenshot published on Imperva’s blog shows that some of the Web application attacks had originated in the United Kingdom, though one appeared to be from Latvia. Somewhat surprisingly, attackers were still going after old vulnerabilities such as Shellshock in an attempt to breach systems belonging to their targets, according to Imperva. Florists can mitigate the threat by monitoring their traffic for unexpected behavior, like heavier than normal traffic spikes, or visits from unfamiliar IP addresses. “Any unusual activity could be ‘dry runs’ by attackers foreshadowing an imminent full-blown attack,” Imperva said. The company also urged florists to monitor Twitter and sites such as Pastebin.com for chatter hinting at a potential attack on their sites. The sudden spike in malicious traffic directed at online florists reflects a common tendency among cyber crooks to escalate malware campaigns and attacks around seasonal events and major news happenings. Earlier this year, mobile network protection vendor Adaptive Mobile reported on a series of picture message spam campaigns on the Kik messenger service that were timed to coincide with seasonal events. The spam messages involved the use of images belonging to well-known brands to try and get recipients to follow links to malicious websites. What was noteworthy was the fact that each campaign was tied to a specific event. For instance, one of the Kik spam campaigns was launched around Halloween, and featured an image message purportedly from Amazon. Another campaign around Thanksgiving involved spam featuring spoofed McDonalds images, while one in the days preceding Cyber Monday featured BestBuy-related spam. While the campaign was not technically very sophisticated, the effort put into creating individual picture messages purporting to be from major brands, suggested a specialist campaign, Adaptive Mobile had noted. Source: http://www.darkreading.com/endpoint/valentines-day-inspires-ddos-attacks-against-online-florists-/d/d-id/1324312

Read the original:
Valentine’s Day Inspires DDoS Attacks Against Online Florists

How CDSL’s CIO is way ahead in the fight against DDoS attack

As the threat of DDoS attack looms large on the enterprise, CDSL’s CIO, Joydeep Dutta, countered it ahead of time with his in-house DDoS protection. For the past few years, India Inc. and its IT teams have been in a constant state of war with malware, hackers, insidious employees and everything that is a threat to their information security. The only strategy applied—and it wasn’t an effective one—was to deal with the after effects of the attack. But one CIO believed in the age old adage: Prevention is better than cure, and secured the most critical applications of the company from DDOS attacks. “Today, not many companies have implemented in-house DDoS protection though it is the ideal way of preventing denial of service attacks. If done only at the network service provider through clean pipes, it doesn’t give full protection,” says Joydeep Dutta, group CTO, Central Depository Services Limited. According to a recent report released by Akamai, India stands in the fourth position for being the origin of non-spoofed DDoS attacks. Of all the attacks, 7.43 percent originated from the country. The project was therefore a high priority for Dutta as the company’s core depository application, electronic voting for company resolution and other critical applications were Web-based. Not wasting any more time, as the threat loomed large, Dutta implemented an in-house DDoS protection and Web Application Firewall for additional security above the capability of traditional network firewalls. “By implementing Web application firewall (WAF), the internet-facing applications which are part of the core applications for most organizations were additionally protected,” he says. Further explaining the project, Dutta says that the in-premises DDOS equipment is the first layer of defense in the on-premise infrastructure. All the other equipment such as ISP routers, firewalls etc; at customer premise, are underneath this. “A set of security modules including Denial-of-service (DoS) protection, Network Behavioral Analysis (NBA), Intrusion Prevention System (IPS), Reputation Engine and Web Application Firewall (WAF), fully safeguard networks, servers, and applications against known and emerging network security threats,” Dutta says. Another novel thing about the project was the built-in security event information management system which collects and analyzes events from all modules to provide enterprise-wide views. CDSL reaped huge benefits from the on-premise DDoS implementation. “It was easy to proactively monitor the security features of these devices to decide necessary actions to be taken,” he says. It was now easy to black-list the vulnerable IP list received regularly from NCIIPC. It was also possible to stop repeated attacks with the help of the device. Thus, Dutta set an example for his peers to follow by securing the organization against the looming security threats. You too get going. Source: http://www.cio.in/case-study/how-cdsl%E2%80%99s-cio-way-ahead-fight-against-ddos-attack

More:
How CDSL’s CIO is way ahead in the fight against DDoS attack

Data center outages increasingly caused by DDoS

While overall unplanned data center outages have decreased, those that were the result of targeted DDoS attacks have skyrocketed. Think housing your servers in a data center rather than squeezing them under your desk is a bulletproof solution? Well, they might be safer in a data center, but believe it or not, some of the same pitfalls that can create trouble in the office can affect those secure data centers too. Namely UPS failure, human error, and cybercrime. ‘Unplanned’ UPS system failure is still the principal cause of “unplanned data center outages,” according to a new report. A quarter of all such events were related to UPS systems and batteries, according to Emerson Network Power in association with Ponemon Institute. The two organizations have been studying the cost of unplanned data center outages. Cybercrime But cybercrime-caused outages, specifically Distributed Denial of Service (DDoS) attacks, constituted a whopping 22% of the unplanned disruptions last year. That’s up from just 2% in 2010 and 18% in 2013, the last times the two organizations performed the survey. The survey collected responses from 63 data center operations who had observed an outage in the prior about year about what exactly happened. The report was published this month. Root causes Accidental causes or human error were the third biggest cause of unplanned outages, according to the report. Those mishaps caused 22% of the failures. That’s the same percentage as in 2013, but lower than in 2010, when 24% of outages were accidental or human-caused. Interestingly, many other causes of outages are lower now than they were in 2010 and 2013. They’ve been usurped by cybercrime’s huge gain. UPS failure is down slightly on 2010, when it accounted for 29% of the outages. And the aforementioned human error is down a bit. And utility failure, such as water, heat, and Computer Room Air Conditioning, which today makes up just 11% of the outages, was at 15% in 2010. Generators Likewise, generators appear to have become more reliable. Those systems contributed to 10% of the failures in 2010, whereas today they only make up 6%. The researchers don’t provide numbers relating to changing data center design over the period. Fewer generators in use—replaced by solar and alternative energy—could conceivably have caused that statistical decline. The report doesn’t specify. Weather Overall, most unplanned outage causes—including those caused by weather, which accounted for 10% of outages this year, compared to 12% in 2010 and 2013—have declined in favor of cybercrime. Even IT failure, a measly 4% of failures today, dropped from 5% in 2010. About $9K per minute And the cost? The report was released to expound on the cost of the outages, rather than to apportion blame. Well, the “average total cost per minute of an unplanned outage increased from $5,617 in 2010 to $7,908 in 2013 to $8,851 now,” according to the report. Downtime at data centers now costs an average of $740,357. That’s a 38% increase on 2010, the study calculates. And maximum costs are even higher. “Maximum downtime costs are rising faster than average, increasing 81% since 2010 to a current high of $2,409,991,” the report says. Source: http://www.networkworld.com/article/3024773/data-center/data-center-outages-increasingly-caused-by-ddos.html

DDoS Attack Hits Kickass Torrents, DNS Servers Crippled

Site goes down for most of the day on January 16 Kickass Torrents, the Internet’s biggest torrent portal has suffered downtime yesterday after an unknown attacker has pummeled the site with a DDoS attack. According to a statement given by the site’s administrators to TorrentFreak, a blog dedicated to piracy news, the attack was aimed at the website’s DNS servers. Because of this, both the main domain and the plethora of official site proxies were down as well. The brunt of the attack was registered yesterday, January 16, and had the site taken offline for almost all day. Previously, during the week, the site was also hit by smaller DDoS attacks. Everything seems to be up and running now, but expect future attacks as well. The attack fits the pattern of a DDoS extortion campaign, when small attacks are launched at first, and then a bigger one to force victims into paying the DDoS ransom. Earlier this week, Europol announced the capture of the famed DD4BC DDoS extortion group in Bosnia and Herzegovina. DD4BC is the first group known to launch DDoS attacks and then ask for payments in Bitcoin. The group’s actions have been copied by many other DDoSing outfits, and most DDoS attacks nowadays are launched for this reason. Kickass Torrents is one of Alexa’s top 100 sites on the Internet, meaning it’s an attractive target for DDoSing groups, thanks to its huge advertising revenue. Source: http://news.softpedia.com/news/ddos-attack-hits-kickass-torrents-dns-servers-crippled-499019.shtml

Author of MegalodonHTTP DDoS Malware Arrested in Norway

Hacker was arrested one month ago in Europol operation Norway’s law enforcement authorities have identified a previously arrested suspect as the author of the MegalodonHTTP malware, used for infecting computers and adding them to a botnet used for DDoS attacks. The yet unnamed suspect, known only by his online moniker of Bin4ry, was arrested in December 2015 , during the second stage of Operation Falling sTAR, launched in October 2015 against users of RATs (Remote Access Trojans). During this second phase of the operation, Europol authorities coordinated the arrests of 12 individuals in France, Norway and Romania. Five of the suspects were arrested in Norway. Damballa helped authorities track down MegalodonHTTP’s author A big part in arrest played US cyber-security vendor Damballa, who helped Europol break down the botnet’s activities, and then worked with Norwegian authorities to track down the malware’s author. “We are not at liberty to divulge the MegalodonHTTP author’s real identity, but we can confirm that the person behind the handle Bin4ry is no longer active or doing business,” said Loucif Kharouni, Senior Threat Researcher for Damaballa. Damballa’s team analyzed the MegalodonHTTP malware in late November 2015, as the malware was starting to become more prevalent on the Dark Web, being sold in two separate packages, one that cost $35, and the second that cost $100. Damballa: MegalodonHTTP is not an advanced malware The malware was sold both from Dark Web hacking forums, but also from the now defunct bina4ry.com domain, and came equipped with an automated installer and administration panel, so even skids (script kiddies) could use it, without possessing advanced technical in advance. According to Bin4ry’s description of MegalodonHTTP, the malware was capable of launching seven types of DDoS attacks, remote shells on infected machines, included Bitcoin mining features, but also had the option to kill antivirus processes. At the time of their analysis, Damaballa researchers said that despite being quite potent in terms of features, the malware was not the work of a skilled coder, worked only on Windows machines, and needed the .NET Framework installed, which narrowed the number of machines it could work from. MegalodonHTTP DDoS botnet administration panel Source: http://news.softpedia.com/news/author-of-megalodonhttp-ddos-malware-arrested-in-norway-498981.shtml

Link:
Author of MegalodonHTTP DDoS Malware Arrested in Norway