Tag Archives: stop-dos

NXNSAttack technique can be abused for large-scale DDoS attacks

New vulnerability in DNS server software can be leveraged for DDoS attacks with a 1620x amplification factor.

A team of academics from Israel has disclosed today details about NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions. According to the research team, NXNSAttack impacts recursive DNS servers and the process of DNS delegation.

Recursive DNS servers are DNS systems that pass DNS queries upstream in order to be resolved and converted from a domain name into an IP address. These conversions take place on authoritative DNS servers, the servers that contain a copy of the DNS record and are authorized to resolve it. However, as a safety mechanism that is part of the DNS protocol, authoritative DNS servers can also “delegate” this operation to alternative DNS servers of their choosing.

New NXNSAttack explained

In a research paper published today, academics from the Tel Aviv University and The Interdisciplinary Center in Herzliya, Israel, said they found a way to abuse this delegation process for DDoS attacks. The NXNSAttack technique has different facets and variations, but the basic steps are detailed below:

1) An attacker sends a DNS query to a recursive DNS server. The request is for a domain like “attacker.com,” which is managed through an attacker-controlled authoritative DNS server.
2) Since the recursive DNS server is not authorized to resolve this domain, it forwards the operation to the attacker’s malicious authoritative DNS server.
3) The malicious DNS server replies to the recursive DNS server with a message that equates to “I’m delegating this DNS resolving operation to this large list of name servers.” The list contains thousands of subdomains for a victim website.
4) The recursive DNS server forwards the DNS query to all the subdomains on the list, creating a surge in traffic for the victim’s authoritative DNS server.

NXNSAttack has a huge amplification factor

The research team says that an attacker using NXNSAttack can amplify a simple DNS query from 2 to 1,620 times its initial size, creating a massive spike in traffic that can crash a victim’s DNS server. Once the DNS server goes down, this also prevents users from accessing the attacked website, as the site’s domain can’t be resolved anymore.

The research team says the NXNSAttack packet amplification factor (PAF) depends on the DNS software running on a recursive DNS server; however, in most cases, the amplification factor is many times larger than in other DDoS amplification (reflection) attacks, where the PAF is usually between low values of 2 and 10. This large PAF implies that NXNSAttack is one of the most dangerous DDoS attack vectors known to date, having the ability to launch debilitating attacks with only a few devices and automated DNS queries.

Patches available for DNS software

The Israeli researchers said they’ve been working for the past few months with the makers of DNS software, content delivery networks, and managed DNS providers to apply mitigations to DNS servers across the world. Impacted software includes the likes of ISC BIND (CVE-2020-8616), NLnet Labs Unbound (CVE-2020-12662), PowerDNS (CVE-2020-10995), and CZ.NIC Knot Resolver (CVE-2020-12667), but also commercial DNS services provided by companies like Cloudflare, Google, Amazon, Microsoft, Oracle (DYN), Verisign, IBM Quad9, and ICANN.

Patches have been released today and over the previous weeks. They include mitigations that prevent attackers from abusing the DNS delegation process to flood other DNS servers. Server administrators who run their own DNS servers are advised to update DNS resolver software to the latest version.

The research team’s work has been detailed in an academic paper entitled “NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities,” available for download in PDF format.
Source: https://www.zdnet.com/article/nxnsattack-technique-can-be-abused-for-large-scale-ddos-attacks/
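To make the delegation step concrete from the resolver's side, the following added example (not code from the article, the paper or any vendor patch) parses a referral response, counts the name servers that arrive without glue addresses, and caps how many of them a resolver would go on to resolve. The cap value, the function names and the `.example` domains in the constructed sample messages are assumptions made for illustration.

```python
import struct

TYPE_A, TYPE_NS, TYPE_AAAA = 1, 2, 28
MAX_GLUELESS_FETCHES = 5  # assumed cap k for this example, not a value from the article


def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            if resume is None:
                resume = off + 2               # parsing resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                      # a hostile message can point in a loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii", "replace").lower())
        off += length
    return ".".join(labels) + ".", (resume if resume is not None else off)


def parse_referral(msg):
    """Return (NS target names in the authority section, names that came with glue)."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    ns_targets, glued = [], set()
    for section, count in (("an", an), ("ns", ns), ("ar", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if section == "ns" and rtype == TYPE_NS:
                ns_targets.append(read_name(msg, off)[0])
            elif section == "ar" and rtype in (TYPE_A, TYPE_AAAA):
                glued.add(owner)               # an address was supplied for this name
            off += rdlen
    return ns_targets, glued


def plan_fetches(msg, cap=MAX_GLUELESS_FETCHES):
    """Decide which glueless NS names to resolve for one referral, at most `cap`."""
    ns_targets, glued = parse_referral(msg)
    glueless = [name for name in ns_targets if name not in glued]
    return {
        "ns_count": len(ns_targets),
        "glueless": len(glueless),
        "to_resolve": glueless[:cap],          # only these trigger further queries
        "suppressed": max(0, len(glueless) - cap),
        "flagged": len(glueless) > cap,        # worth logging: unusually wide referral
    }


# --- constructed sample messages (test fixtures, not captured traffic) ---
def enc_name(name):
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"


def rr(owner, rtype, rdata):
    return enc_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata


def make_sample_referral(qname, zone, ns_names, glue):
    header = struct.pack("!6H", 0x1234, 0x8000, 1, 0, len(ns_names), len(glue))
    question = enc_name(qname) + struct.pack("!HH", TYPE_A, 1)
    authority = b"".join(rr(zone, TYPE_NS, enc_name(n)) for n in ns_names)
    additional = b"".join(rr(n, TYPE_A, bytes(a)) for n, a in glue.items())
    return header + question + authority + additional


SAMPLE_NORMAL = make_sample_referral(
    "www.shop.example", "shop.example",
    ["ns1.shop.example", "ns2.shop.example"],
    {"ns1.shop.example": (192, 0, 2, 1), "ns2.shop.example": (192, 0, 2, 2)})

SAMPLE_WIDE = make_sample_referral(
    "x.attacker.example", "attacker.example",
    [f"ns{i}.victim.example" for i in range(40)], {})

if __name__ == "__main__":
    for label, msg in (("normal", SAMPLE_NORMAL), ("wide", SAMPLE_WIDE)):
        print(label, plan_fetches(msg))
```

With the cap in place, the wide referral costs the resolver a fixed number of follow-up lookups regardless of how many names it lists, and the `flagged` field gives operators a signal to log.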

WannaCry FAQ

What is it?
WannaCry, also known as WanaCrypt 2.0, is a form of malware commonly known as “Ransom Ware”.

Where did it come from?
It was originally developed by the NSA in the US, called “Eternal Blue”, and was a way for them to secretly access computers. It was based on a flaw in Windows machines. Unfortunately the NSA did not store this weaponized malware securely enough and someone hacked in and stole it. At this point it was loose and easily findable on the Internet. If you see a screen like this, your machine is definitely infected. Here is a link below from Microsoft to check/scan if your PC has a virus.
https://www.microsoft.com/security/scanner/en-us/default.aspx

Who is responsible for this?
At this point no one knows but there are a lot of smart people working on it and they will be caught eventually… This is my opinion.

Is someone making money from this?
Yes, as with all ransom ware there is a money component. These are 3 discovered bitcoin identifiers that victims are paying the ransom to, which are hardcoded into the malware. As of 09:15 EST May 14, 2017, the total ransom paid is $15,150.00 USD. This is surprisingly low; it’s definitely going to rise. Check for yourself on its progress by clicking the 3 links below.
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

How did my computer get infected?
If you’re on a corporate network, you most likely got it from another computer on your network. If you’re at home on a cable modem you got it through email phishing or visiting a hacked or a sketchy website.

How did it spread so quickly?
As you most likely know by now, millions of computers were infected in a few short days and those most affected by this are on corporate, government and university networks. It spreads on these networks by using a Windows flaw that goes from machine to machine using Microsoft’s SMB feature. Here’s a short list of victims from GitHub:
- NHS (uk) turning away patients, unable to perform x-rays. (list of affected hospitals)
- Nissan (uk) http://www.chroniclelive.co.uk/news/north-east-news/cyber-attack-nhs-latest-news-13029913
- Telefonica (spain) ( https://twitter.com/SkyNews/status/863044193727389696 )
- power firm Iberdrola and Gas Natural (spain)
- FedEx (us) ( https://twitter.com/jeancreed1/status/863089728253505539 )
- University of Waterloo (us)
- Russia interior ministry & Megafon (russia) https://twitter.com/dabazdyrev/status/863034199460261890/photo/1
- VTB (russian bank) https://twitter.com/vassgatov/status/863175506790952962
- Russian Railroads (RZD) https://twitter.com/vassgatov/status/863175723846176768
- Portugal Telecom
- Sberbank Russia (russia)
- Shaheen Airlines (india, claimed on twitter)
- Train station in frankfurt (germany)
- Neustadt station (germany)
- the entire network of German Rail seems to be affected ( @farbenstau )
- in China secondary schools and universities had been affected ( source )
- A Library in Oman ( @99arwan1 )
- China Yanshui County Public Security Bureau ( https://twitter.com/95cnsec/status/863292545278685184 )
- Schools/Education (France) https://twitter.com/Damien_Bancal/status/863305670568837120
- A mall in singapore https://twitter.com/nkl0x55/status/863340271391580
- ATMs in china https://twitter.com/95cnsec/status/863382193615159
- Renault
- STC telecom
- Norwegian soccer team ticket sales

Is my website spreading this malware?
I can only say that any DOSarrest customers using our advanced WAF are not spreading this malware as we won’t allow this type of malicious traffic to get to your server.

Is it still spreading?
No, good news! This thing had a kill switch built into its code, so if any machine can access this site www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com it won’t spread from that machine.

I’m infected, what should I do?
We recommend that you wipe your machine clean and restore from back-ups… of course everyone has backups, right?

Need more info… Try Github.com
Microsoft to get the free patch if you need it.

Source: https://www.dosarrest.com/ddos-blog/wannacry-faq/

More than 400 DDoS attacks identified using new attack vector – LDAP

Hackers use misconfigured LDAP servers – Connectionless Lightweight Directory Access Protocol (CLDAP) – to provide a means to launch DDoS attacks.

More than 400 DDoS attacks taking advantage of misconfigured LDAP servers have been spotted by security researchers. CLDAP DDoS attacks use an amplification technique, which takes advantage of the Connectionless Lightweight Directory Access Protocol (CLDAP): LDAP is one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in many online servers. When an Active Directory server is incorrectly configured and exposes the CLDAP service to the Internet, it can be leveraged to perform DDoS attacks.

Since the technique's discovery in October 2016, researchers at Corero Network Security have observed a total of 416 CLDAP DDoS attacks, most of them against hosting and internet service providers. The largest attack volume recorded was 33 Gbps, with an average volume of 10 Gbps. The attacks averaged 14 minutes in duration.

“These powerful short duration attacks are capable of impacting service availability, resulting in outages, or acting as a smoke screen for other types of cyber-attacks, including those intended for breach of personally identifiable data,” said Stephanie Weagle, vice president of marketing at Corero Network Security, in a blog post.

Stephen Gates, chief research intelligence analyst from NSFOCUS, told SC Media UK that in the quest to find new means of launching DDoS attacks, hackers have once again found open devices on the Internet running weak protocols that can be exploited for their personal gain. “However, like any other reflective DDoS attack campaign, the number of available reflectors is of critical importance. In addition, the amplification factor those reflectors afford is the second stipulation,” he said.

“In this case, the number of open devices on the Internet running CLDAP is relatively small, in comparison to open DNS and NTP reflectors; yet the amplification factor is respectable (~70x). Surely, this attack technique is new, but it is not the worst seen so far. This vector will likely be used in combination with other reflective attack techniques, and rarely used on its own. Until the world’s service providers fully implement BCP-38, similar discoveries and resulting campaigns will continue to plague us all.”

Bogdan Botezatu, senior E-Threat analyst at Bitdefender, told SC that a CLDAP attack is designed around third parties: an entity running a misconfigured instance of CLDAP, a victim and an attacker. “The attacker would ask the CLDAP infrastructure to retrieve all the users registered in the Active Directory. Because the attacker makes this query look like it was initiated by the victim by replacing the originating IP address with the victim’s, the CLDAP service will actually send the answer to the victim,” he said. “Subsequently, the victim finds itself being bombarded with the information they did not request. If the attacker can harness enough power, the victim’s infrastructure will crash under a load of unsolicited information.”

He said that organisations could deploy strong, restrictive firewall policies for inbound traffic. “Load balancing and specialised hardware can also help organisations absorb the impact,” said Botezatu.

Source: https://www.scmagazineuk.com/more-than-400-ddos-attacks-identified-using-new-attack-vector–ldap/article/652939/

Teenage hacker jailed for masterminding attacks on Sony and Microsoft

Adam Mudd jailed for two years for creating attack-for-hire business responsible for more than 1.7m breaches worldwide. A man has been jailed for two years for setting up a computer hacking business that caused chaos worldwide. Adam Mudd was 16 when he created the Titanium Stresser program, which carried out more than 1.7m attacks on websites including Minecraft, Xbox Live and Microsoft and TeamSpeak, a chat tool for gamers. He earned the equivalent of more than £386,000 in US dollars and bitcoins from selling the program to cyber criminals. Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, noted that Mudd came from a “perfectly respectable and caring family”. He said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”. Topolski said the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.” Mudd showed no emotion as he was sent to a young offender institution. During the two-day hearing, Jonathan Polnay, prosecuting, said the effect of Mudd’s hacking program was “truly global”, adding: “Where there are computers, there are attacks – in almost every major city in the world – with hotspots in France, Paris, around the UK.” The court heard that Mudd, who lived with his parents, had previously undiagnosed Asperger syndrome and was more interested in status in the online gaming community than the money. The court heard that the defendant, now 20, carried out 594 of the distributed denial of service (DDoS) attacks against 181 IP addresses between December 2013 and March 2015. He has admitted to security breaches against his college while he was studying computer science. 
The attacks on West Herts College crashed the network, cost about £2,000 to investigate and caused “incalculable” damage to productivity, the court heard. On one occasion in 2014, the college hacking affected 70 other schools and colleges, including Cambridge, Essex and East Anglia universities as well as local councils. Mudd’s explanation for one of the attacks was that he had reported being mugged to the college but claimed no action was taken. Polnay said there were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses. Of those, nearly 53,000 were in the UK. Among the targets was the fantasy game RuneScape, which had 25,000 attacks. Its owner company spent £6m trying to defend itself against DDoS attacks, with a revenue loss of £184,000. The court heard that Mudd created Titanium Stresser in September 2013 using a fake name and address in Manchester. He offered a variety of payment plans to his customers, including discounts for bulk purchases of up to $309.99 for 30,000 seconds over five years as well as a refer-a-friend scheme. Polnay said: “This is a young man who lived at home. This is not a lavish lifestyle case. The motivation around this we tend to agree is about status. The money-making is by the by.” When he was arrested in March 2015, Mudd was in his bedroom on his computer, which he refused to unlock before his father intervened. Mudd, from Kings Langley in Hertfordshire, pleaded guilty to one count of committing unauthorised acts with intent to impair the operation of computers; one count of making, supplying or offering to supply an article for use in an offence contrary to the Computer Misuse Act; and one count of concealing criminal property. Ben Cooper, defending, appealed for his client to be given a suspended sentence. He said Mudd had been “sucked into” the cyber world of online gaming and was “lost in an alternate reality” after withdrawing from school because of bullying. 
Mudd, who was expelled from college and now works as a kitchen porter, had been offline for two years, which was a form of punishment for any computer-obsessed teenager, Cooper said. The “bright and high-functioning” defendant understood what he did was wrong but at the time he lacked empathy due to his medical condition, the court heard. Cooper said: “This was an unhappy period for Mr Mudd, during which he suffered greatly. This is someone seeking friendship and status within the gaming community.” But the judge said: “I have a duty to the public who are worried about this, threatened by this, damaged by this all the time … It’s terrifying.” Source: https://www.theguardian.com/technology/2017/apr/25/teenage-hacker-adam-mudd-jailed-masterminding-attacks-sony-microsoft

Canada one of sources for destructive IoT botnet

Canada is among the countries that have been stung by a mysterious botnet infecting Internet-connected devices using the Linux and BusyBox operating systems that essentially trashes the hardware, according to a security vendor.

Called a Permanent Denial of Service attack (PDoS) – also called “phlashing” by some – the attack exploits security flaws or misconfiguration and goes on to destroy device firmware and/or basic functions of a system, Radware said in a blog released last week. The first of two versions has turned affected IoT devices into bricks, which presumably is why the attack has been dubbed the BrickerBot. A second version goes after IoT devices and Linux servers.

“Over a four-day period, Radware’s honeypot recorded 1,895 PDoS attempts performed from several locations around the world,” the company said in the blog. “Its sole purpose was to compromise IoT devices and corrupt their storage.”

After accessing a device by brute force attacks on the Telnet login, the malware issues a series of Linux commands that will lead to corrupted storage, followed by commands to disrupt Internet connectivity, device performance, and the wiping of all files on the device. Vulnerable devices have their Telnet port open. Devices tricked into spreading the attack — mainly equipment from Ubiquiti Networks Inc. including wireless access points and bridges with beam directivity — ran an older version of the Dropbear secure shell (SSH) server. Radware estimates there are over 20 million devices with Dropbear connected to the Internet now which could be leveraged for attacks. Targets include digital video cameras and recorders, which have also been victimized by the Mirai or similar IoT botnets.

According to Radware, the PDoS attempts it detected came from a limited number of IP addresses in Argentina, the U.S., Canada, Russia, Iran, India, South Africa and other countries. Two versions of the bot were found starting March 20: version one, which was short-lived and aimed at BusyBox devices, and version two, which continues and has a wider number of targets. While the IP addresses of servers used to launch the first attack can be mapped, the more random addresses of servers used in the second attack have been obscured by Tor egress nodes. The second version is not only going after IoT devices but also Unix and Linux servers by adding new commands.

What makes this botnet mysterious is that it wipes out devices, rather than try to assemble them into a large dagger that can knock out web sites – like Mirai.

“BrickerBot 2 is still ongoing,” Pascal Geenens, a Radware security evangelist based in Belgium, said in a phone interview this morning. “We still don’t have an idea who it is because it’s still hiding behind the Tor network.”

“We still have a lot of questions like where was it originating from, what is the motivation? One of them could be someone who’s angry at IoT manufacturers for not solving that [security] problem, maybe somebody who suffered a DDoS attack and wants to get back at manufacturers by bricking the devices. That way it solves the IoT problem and gets back at manufacturers.

“Another idea that I have is maybe it’s a hacker that is running Windows-based botnets, which are more costly to maintain.”

It’s easy to inspect and compromise an IoT device through a Telnet command, he explained, so IoT botnets are easy to assemble. That lowers the cost for a botnet-for-hire. By comparison Windows devices have to be compromised through phishing campaigns that trick end users into downloading binaries that evade anti-virus software. It’s complex. So Geenens wonders if a hacker’s goal here is to get into IoT botnets and destroy the devices, which then raises the value of his Windows botnet.

Another theory is the attacker is searching for Linux-based honeypots — traps set by infosec pros — with default passwords.

He also pointed out Unix or Linux-based servers with default credentials are vulnerable to the BrickerBot 2 attack. However, he added, there wouldn’t be many of those because during the installation process Linux asks for the creation of a root password, so there isn’t a default credential. The exception, he added, is a pre-installed image downloaded from the Internet.

Administrators who have these devices on their networks are urged to change factory default credentials and disable Telnet access. Network and user behavior analysis can detect anomalies in traffic, says Radware.

Source: http://www.itworldcanada.com/article/canada-one-of-sources-for-destructive-iot-botnet/392242

ICIT Finds Healthcare Sector at Great Risk for DDoS Attacks

Healthcare, financial, and energy are the top three sectors facing the highest risk of a DDoS attack, a recent ICIT report found.

With its high dependency on digital records, network connectivity, accessible information, and real-time communication, healthcare is one of the sectors at greatest risk for a DDoS attack, the Institute for Critical Infrastructure Technology (ICIT) explained in a recent publication. The financial industry and energy sector are also at high risk for such attacks, ICIT said in “Rise of the Machines: The Dyn Attack Was Just a Practice Run.”

“Obstructions to even an email server could cause delays in treatment, while widespread attacks that holistically render a critical service unavailable, such as an IoT DDoS attack, would pose a serious risk to patient and staff safety,” wrote ICIT Senior Fellow James Scott and ICIT Researcher Drew Spaniel.

Citing research from a previous ICIT brief, the duo explained that healthcare is incorporating and interacting with connected devices that are often designed without necessary security measures. Previously, this has led to instances such as MRI machines or pacemakers being infected with ransomware.

“While there is no indication that healthcare devices have been incorporated into DDoS botnets, it may be only a matter of time before an adversary adapts an IoT malware such as Mirai, to harness the computational resources of medical devices because many lack basic access controls such as multi-factor authentication (or any authentication whatsoever),” the authors maintained.

There is also the potential danger of an IoT malware or a worm that would “brick” or kill “infected medical devices in order to cause panic, extort a ransom, or as part of a multi-tiered attack.”

Overall, Scott and Spaniel stated that a “perfect storm” is brewing across the nation with regard to private critical infrastructures facing cybersecurity threats. More organizations are utilizing the internet and IoT devices, but device manufacturers will sometimes “negligently avoid incorporating security-by-design into their systems.” This happens because the manufacturers have not been properly incentivized, and instead pass the potential risk onto the end-user.

“As the adversarial landscape of nation state and mercenary APTs, hacktivists, cyber-criminal gangs, script kiddies, cyber caliphate actors, and hail-mary threat actors continues to hyperevolve, America’s treasure troves of public and private data, IP, and critical infrastructure continues to be pilfered, annihilated, and disrupted, while an organizational culture of ‘Participation Trophy Winners’ managed by tech neophyte executives continue to lose one battle after the next.”

A key area of concern is the Mirai malware, which “offers malicious cyber actors an asymmetric quantum leap in capability.” Specifically, Mirai has a strong development platform “that can be optimized and customized according to the desired outcome of a layered attack by an unsophisticated adversary.” While Mirai has forced different industries to review devices that lack security by design and other IoT device vulnerabilities, the authors noted that it “will not forever remain the favorite tool of unsophisticated malicious threat actors.”

DDoS attacks on the healthcare industry were addressed earlier this month in the Office for Civil Rights (OCR) latest newsletter. OCR reiterated that healthcare often uses IoT in several ways, such as allowing healthcare facilities to monitor medical devices, patients, and personnel. This can open organizations up to certain cybersecurity threats.

“An attacker may be able to deter patients or healthcare personnel from accessing critical healthcare assets such as payroll systems, electronic health record databases, and software-based medical equipment (MRI, EKGs, infusion pumps, etc.),” OCR stated, citing data from US-CERT.

For preventing such attacks, OCR advised that organizations continuously monitor and scan for vulnerable and compromised IoT devices on their networks. Entities should also adhere to the necessary remediation actions.

“Password management policies and procedures for devices and their users should also be implemented and adhered to. All default passwords need to be switched to strong passwords,” OCR said, adding that default usernames and passwords for most devices can be found online.

Source: http://healthitsecurity.com/news/icit-finds-healthcare-sector-at-great-risk-for-ddos-attacks

Education Ministry website is under DDoS-attacks

The website of the Ministry of Education and Science is down due to a DDoS attack. According to Interfax-Ukraine, citing the press service of the department, the attack on the portal was made yesterday. “The attack was made on the weekend, and as a result of it the website is down,” the department noted. According to the ministry, the attack has now ended and work to restore the website is underway, but it has not been completed yet. Earlier, the websites of the Ministry of Finance, the State Treasury and the Pension Fund also suffered from hacker attacks.

Source: http://112.international/society/education-ministry-website-is-under-ddos-attacks-12465.html

Cyber criminals compromising virtual machines in cloud to increase scale of DDoS

Microsoft’s recently released Security Intelligence Report states that cyber-criminals are compromising virtual machines in the cloud as a way to vastly increase the scale of Distributed Denial of Service (DDoS) attacks. Microsoft has warned of many new cyber risks faced by IT companies in the report. It says that hackers have learned how to use compromised virtual machines running in the cloud to launch massive cyber-attacks.

The report says: “In the cloud weaponisation threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of a few virtual machines. The attacker can then use these virtual machines to attack, compromise, and control thousands of virtual machines—some within the same public cloud service provider as the initial attack, and others inside other public cloud service providers.”

Attackers can easily issue commands to launch DDoS attacks that cripple online services and websites or flood the internet with spam. Microsoft’s cloud computing platform, Azure, has witnessed attempts to exploit the cloud to establish communications with malicious IP addresses and brute force RDP, the Remote Desktop Protocol used by Microsoft to allow users to access their desktops over a network, representing 41% and 25.5% of all outbound attacks, respectively. Spam followed at just over 20% and DDoS attempts made up 7.6% of attacks.

The company is also warning IT administrators to be on the lookout for targeted threats aimed at taking control of an email account that has a high probability of containing credentials that can be used to gain access to the public cloud administrator portal. If successful, the threats may open both their on-premises and cloud infrastructures to attack. The attacker, after logging into the administrator portal, can gather information and make changes to gain access to other cloud-based resources, execute ransomware, or even pivot back to the on-premises environment.

Attackers are also keeping tabs on GitHub and other public code repositories, hoping that developers will accidentally publish secret keys that can potentially grant access to cloud accounts and services.

Microsoft has further warned of “Man in the Cloud” (MitC) attacks wherein victims are tricked into downloading and installing malware, typically with an email containing a malicious link. Once active, the malware searches for a cloud storage folder and replaces the victim’s synchronisation token with that of the attacker. After this, whenever a user adds a file to their cloud storage account, a copy is delivered to the attacker.

http://www.cloudcomputing-news.net/news/2016/dec/16/cyber-criminals-compromising-virtual-machines-cloud-increase-scale-ddos/
http://www.eweek.com/security/microsoft-report-says-hackers-weaponizing-cloud-virtual-machines.html

Source: https://www.ddosattacks.net/wp-admin/post-new.php

Hackers hit Thai government with DDoS attacks protesting against restrictive internet law

Classified government records are believed to have been accessed by the hackers.

Anonymous hackers have reportedly hit Thailand government websites with targeted DDoS attacks in retaliation for the passage of a bill which is feared to impose considerable restrictions on internet freedom. The bill introduced amendments to the country’s computer crime law and was unanimously passed by the military-appointed legislature on 16 December, according to reports. The new law allows Thai authorities to monitor and access private communications as well as censor online content without a court order.

The DDoS attack knocked out Thailand’s defence ministry website. At the time of writing, the site remains inaccessible. Anonymous hackers also reportedly targeted the Thai Ministry of Digital Economy and Society, the Prime Minister’s Office and the Office of the National Security Council.

A hacker, claiming to be part of the Anonymous campaign against the Thai government titled “Op Single Gateway”, going by the pseudonym “blackplans”, posted screenshots on Twitter of what he/she claimed were documents stolen from the compromised government sites.

The Thai defence ministry said the attack accomplished little. “They couldn’t do anything because we have defence systems in place that are ready for such situations,” said Kongcheep Tantrawanich, a defence ministry spokesman, ABC News reported. He warned that further attacks could lead to “destroying financial systems, banks, transportation systems, airports and can cause damage toward the population of an entire country”.

The Thai government characterised the hackers as “thugs” bent upon “creating chaos” and “overstepping boundaries”. The government has also asked the public to come forward with information about the hackers.

Thai cyber controls raise censorship and privacy concerns

Privacy groups have raised concerns about Thailand’s new cyber laws, which are believed to infringe on human rights and freedom of expression. The UN Office of Human Rights said in a statement on Monday (19 December): “We are concerned by amendments to Thai legislation that could threaten online freedoms, and call on the government to ensure the country’s cyber laws comply with international human rights standards.”

According to local reports, Amnesty International, in collaboration with the Thai Netizen Network, lodged a petition with the Thai National Legislative Assembly. The petition, which has also been endorsed by 300,000 internet users, calls for reconsideration of the amendments to the computer crime act.

“The bill is very broad and open to interpretation and we will have to see how the government will implement these laws,” said Arthit Suriyawongkul of the Thai Netizen Network. “It’s not the law itself that is a rights violation, but the authorities’ extensive power when monitoring and censoring online content, which could raise privacy concerns.”

Thai Prime Minister Prayuth Chan-ocha defended the amendments to the nation’s cyber laws. “This law is for when anyone posts something that is poisonous to society so that we know where it comes from,” Prayuth said, Reuters reported. “Don’t think this is a rights violation. This isn’t what we call a rights violation … this is what we call a law to be used against those who violate the law,” he said.

Source: http://www.ibtimes.co.uk/hackers-hit-thai-government-ddos-attacks-protesting-against-restrictive-internet-law-1597339

HSBC Website Suffers DDoS Attack

OurMine hacking group conducted a massive DDoS attack on HSBC websites, forcing the sites to go offline in the UK and the USA!

The official domain of HSBC (Hongkong and Shanghai Banking Corporation) came under a massive distributed denial-of-service (DDoS) attack on 12 July, affecting domains in the UK and the USA. The DDoS attack was conducted by the OurMine hacking group, which previously made headlines for hacking social media accounts of high-profile tech celebrities including Facebook’s Mark Zuckerberg and Google’s Sundar Pichai, but this is its second DDoS attack, after the one on WikiLeaks last week.

Currently, the reason for targeting HSBC bank is unknown, though according to SoftPedia the cyber attack was stopped within a few hours after one of HSBC’s staff contacted the attackers. “Hello, We stopped the attack of HSBC Bank! a staff of HSBC Talked with us,” stated the hackers on their official blog. A screenshot shared by the attackers shows HSBC’s UK and US domains are down!

It is unclear if the bank was targeted for ransom or just for fun; however, this is not the first time HSBC has faced such attacks. In January 2016 hacktivists from New World Hacktivists (NWH) claimed responsibility for a DDoS attack on HSBC’s mobile servers on payday.

As far as OurMine is concerned, it is the same group that hacked the Quora account of Google’s CEO Sundar Pichai, which was also linked to his Twitter account. The group also hacked the Twitter and Pinterest accounts of Facebook’s CEO Mark Zuckerberg and, last but not least, the official Twitter account of Twitter’s CEO Jack Dorsey was also taken over by the same group.

DDoS attacks have been increasing with every passing day. In the past, DDoS attacks were conducted just for fun or to shut down servers, but now hackers attack sites for ransom and keep them down until a ransom is paid. The ProtonMail DDoS attack is a fine example of how these attacks are becoming another online mafia to steal money.

At the time of publishing this article, both targeted sites were reachable.

Source: https://www.hackread.com/hsbc-website-suffers-ddos-attack/
