Tag Archives: var-username

How Shall DDoS Attacks Progress In The Future?

In recent months we have witnessed a rise in new and significantly high-volume distributed denial of service (DDoS) attacks. The venomous nature Mirai botnet Mirai botnet is a prime example in this case. Involved in a string of DDoS attacks in recent months, including the one on DNS provider Dyn in October, the botnet is said to have a population of around 300,000 compromised IoT devices. Its population could increase significantly if hackers somehow amend the source code to include the root credentials of many other devices not currently employed by the botnet. Cybersecurity experts predict that Mirai botnet, and others like it, will become more complex as 2017 progresses. Hackers are always to evolve, and once they do, they’d adapt the botnet to new DDoS attacking methods. It is believed that Mirai currently contains around 10 different DDoS attack techniques which are being utilized by hackers to initiate an attack. These will obviously increase as 2017 progresses. Corporate giants need to fear the possibility of more DDoS attacks Mirai botnet is only the first of many examples. The motivation for DDoS attacks are endless, and the range of these attacks is expanding into political and economic domains. Though, previously these attacks were restricted to small websites. Now, they have the potential to disrupt websites of internet giants including BBC, Dyn and Twitter. Our entire digital economy depends upon access to the Internet, so organizations should think carefully about business continuity in the wake of such events. Individual DDoS attacks, on average, cost large enterprises $444,000 per incident in lost business and IT spending, so the combined economic impact from an entire region being affected would be extremely damaging. Some argue that companies must place back-up telephone systems in place to communicate with customers in case of a DDoS attack. Though, beneficial for small companies, this will certainly not help internet giants like Amazon, Alibaba and other such services. DDoS attacks on gamers According to multiple surveys, gamers are a big target of DDoS attacks. Over recent years, gaming has gradually shifted towards an online model, and things will continue moving in this direction. However, sometimes to get undue advantage, hackers often hit rival gamers with DDoS attacks in order to win the game in a cheap manner. ISPs Need to Play a Role in Reducing DDoS Attacks In the wake of recent IoT-related DDoS attacks, experts encourage manufacturers to install multiple security protocols on internet connected devices before they are sold to customers. Though, this may help in reducing the strength of future DDoS attacks, ISPs still need to play a major role in eliminating the threat of future DDoS attacks. At least on a local level, ISPs could reduce the overall volume of DDoS attacks significantly under their domain by employing systems and features which could help detect and remediate infected bots that are used to launch DDoS attacks. A nexus of ISPs, device manufacturers, the government and internet giants can greatly help in reducing the threat of future DDoS attacks. The internet community is paying attention to problems related to DDoS attacks, and network operators and internet giants are looking for ways to address this issue. If this nexus operates together and works hard enough to protect the integrity of the internet, we may make tremendous progress in defeating the threat of DDoS attacks once and for all! Source: http://www.informationsecuritybuzz.com/articles/shall-ddos-attacks-progress-future/

See more here:
How Shall DDoS Attacks Progress In The Future?

Cybercriminals Breached Over a Billion Accounts Last Year

Cybercriminals had a very good year in 2016 — and we all paid the price. These digital bandits became more ambitious and more creative and that resulted in a year marked by “extraordinary attacks,” according to the 2017 Internet Security Threat Report from Symantec. “Cyber crime hit the big time in 2016, with higher-profile victims and bigger-than-ever financial rewards,” the report concluded. The bad guys made a lot of money last year,” said Kevin Haley, director of Symantec Security Response. “They keep getting better and more efficient at what they do; they managed to fool us in new and different ways.” Some of the damage done last year: Data breaches that exposed 1.1 billion identities, up from 564 million in 2015 More ransomware attacks with higher extortion demands Some of the biggest distributed denial of service (DDoS) attacks on record, causing “unprecedented levels of disruption” to internet traffic. Cyber thieves have traditionally made their money by stealing a little bit from a lot of people. They’ve focused on raiding individual bank accounts or snagging credit card numbers. But that’s starting to change, as criminal gangs are going after the banks themselves, the reported noted. “It takes a lot of sophistication and a lot of patience — you really need to understand what you’re doing — but if you can break into the bank, you can steal millions of dollars at once,” Haley told NBC News. “It’s like those big heist movies we see. Cybercriminals are now pulling off these big heists with specialists, sophisticated tools and some great imagination in what they do.” Email Is Back as the Favorite Way to Attack Malicious email is now “the weapon of choice” for a wide range of cyber attacks by both criminals and state-sponsored cyber espionage groups. Symantec found that one in 131 emails was malicious last year, up dramatically from 2015, and the highest rate in five years. Email attacks are back because they work, the report noted: “It’s a proven attack channel. It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Remember: It was a simple spear-phishing attack — a spoofed email with instructions to reset an email password — that was used to attack the Democrats in the run-up to the 2016 presidential election. “People are comfortable with email. They read it,” Haley said. “Even when people are suspicious, the bad guys know how to fool us.” Most malicious email is disguised as a notification — most commonly an invoice or delivery notice from a well-known company. In many cases, the malicious attachment is a simple Word document. Most people don’t think of a Word file as dangerous or malicious. And for the most part, they’re not. But these clever crooks have a “social engineering” trick to get you to do what they want. The information on the malicious document is deliberately unreadable, which is unsettling. A note tells the intended target to click a button that will make it possible to read the message. Do that, and you’ve turned on the macros that allow the malware to download onto your computer. Just like that, they’ve got you. Ransomware: Everyone Is at Risk Ransomware attacks have grown more prevalent and destructive, which is why Symantec called them “the most dangerous cyber crime threat facing consumers and businesses in 2016.” The number of ransomware infections detected by Symantec grew by 36 percent last year, skyrocketing from 340,000 in 2015 to 463,000 in 2016. And it’s expected to remain a major global threat this year. This devious malware locks up computers, encrypts the data and demands payment for the unique decryption key. In the blink of an eye, entire computer systems can become useless. Ransomware is most often hidden in innocuous-looking email, such as a bogus delivery notice or invoice. For-hire spam botnets make it easy for the crooks to send hundreds of thousands of malicious emails a day for very little cost. It’s a lucrative crime. The average ransomware demand shot up from $294 in 2015 to $1,077 last year. Research by Symantec’s Norton Cyber Security Insight team found that 34 percent of the victims worldwide pay the ransom. In the U.S. that jumps to 64 percent. This willingness to pay could explain why America remains their prime target, with more than one-third of all ransomware attacks. New Targets: The Cloud, Internet of Things and Mobile Devices From security cameras and baby monitors to thermostats and door locks, our households are now filled with devices connected to the internet. Weak security makes the Internet of Things (IoT) an easy target for all sorts of malicious activity. Most of these devices have simple and common default passwords, such as “admin” or “123456,” that can’t be changed or are rarely changed. Last year, cybercriminals harnessed the power of these connected devices to do some serious damage. Tens of thousands of infected IoT devices, such as security cameras and routers, became a powerful botnet that launched high-profile (DDoS) attacks that successfully shut down websites. The DDoS attack in October against Dyn, a cloud-based hosting service, disrupted many of the world’s leading websites, including Netflix, Twitter and PayPal. Cloud attacks have become a reality and Symantec predicts they will increase this year. “A growing reliance on cloud services should be an area of concern for enterprises, as they present a security blind spot,” the report cautioned. Symantec said it saw a two-fold increase in attempted attacks on IoT devices over the course of last year. Cyber criminals are also targeting mobile devices. Most of the attacks are focused on the Android operating system, which has the largest share of the mobile market. Attacks on iOS devices remain relatively rare. Improvements in Android’s security architecture have made it increasingly difficult to infect mobile phones or to capitalize on successful infections, the report noted. But the volume of malicious Android apps continues to increase, growing by 105 percent last year. The 2017 Internet Security Threat report can be downloaded from Symantec’s website. Want to fight back? Norton has a list of tips on how to protect yourself and your devices on its website. Source: http://www.nbcnews.com/tech/tech-news/cybercriminals-breached-over-billion-accounts-last-year-n753131

Visit site:
Cybercriminals Breached Over a Billion Accounts Last Year

Discovery of 8,800 servers sends warning to Asian cybercriminals

In one of the more curious cybercrime announcements of recent times, Interpol’s Asian centre says it has “identified” 8,800 servers used as command & control (C2) for all sorts of bad things including DDoS attacks and distributing ransomware and spam. You read that correctly. Interpol hasn’t disrupted these servers, merely passed information on their whereabouts and malevolent purpose to police forces in eight countries, including Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam. The operation isolated the C2 by working back from 270 websites infected with malware, assisted by intelligence and know-how from a number of cybersecurity companies. Added Interpol: Among them were several government websites which may have contained personal data of their citizens. Individual criminals were also identified in Nigeria and Indonesia, which hints that arrests might be forthcoming. It sounds like a modest achievement until you remember that Asia is a favoured geography for malware hosting infrastructure (including servers used to attack other parts of the globe) but, historically, underwhelming levels of cross-border co-operation. If action at national level in the countries affected eventually sees the servers disappear forever, it’s not something to be sniffed at. The bigger picture is that Interpol’s Global Complex for Innovation (IGCI), opened in Singapore in 2015, is signalling that it’s up and running and able to make a difference – however emblematic. Cybercrime can be mitigated by technology, of course, but few doubt importance of going after it at the roots, both the servers and the people who run and profit from them. It’s a massive challenge because these people can base themselves anywhere in the world, and introducing legal hazard into their lives requires the sort of co-operation police forces and governments aren’t used to. Founded as long ago as 1923 as the International Criminal Police Commission (ICPC), Interpol is turning out to be a useful tool in the battle against cybercrime. Cybersecurity companies like it because its regional centres act as an independent broker that allows them to put aside commercial considerations. Police forces value it because it means they can have a relationship with one centre instead of possibly dozens of national operations. But its biggest significance is it gets the private and public sectors to work together, the former with intel and the latter with legal authority. Recent Interpol cybercrime operations have included disrupting the Avalanche botnet late last year, and the takedown of the Simda botnet two years ago. Between times were the arrests of individuals accused of being behind the infamous DD4BC DDoS extortion racket, and a global operation across Interpol’s divisions to rid the world of the one-million strong Dorkbot botnet. Only days ago, Europol’s European Cybercrime Centre (EC3) announced it had coordinated an operation between UK and Spanish police that saw the arrest of five people accused of distributing Remote Access Trojans (RATs) and keyloggers. We should interpret the identification of 8,800 C2 servers as good PR for Interpol but also, to quote Interpol’s chief superintendent Chan, “a blueprint for future operations”. Source: https://nakedsecurity.sophos.com/2017/04/27/discovery-of-8800-c2-servers-sends-warning-to-asian-cybercriminals/

View article:
Discovery of 8,800 servers sends warning to Asian cybercriminals

More than 400 DDos attacks identified using new attack vector – LDAP

Hackers use misconfigured LDAP servers – Connectionless Lightweight Directory Access Protocol (CLDAP) – to provide a means to launch DDoS attacks. More than 400 DDoS attacks taking advantage of misconfigured LDAP servers have been spotted by security researchers. CLDAP DDoS attacks use an amplification technique, which takes advantage of the Connectionless Lightweight Directory Access Protocol (CLDAP): LDAP is one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in many online servers. When an Active Directory server is incorrectly configured and exposes the CLDAP service to the Internet it is vulnerable to be leveraged to perform DDoS attacks. Since its discovery in October 2016, researchers at Corero Network Security have observed a total of 416 CLDAP DDoS attacks, most of which are hosting and internet service providers. The largest attack volume recorded was 33 Gbps, with an average volume of 10 Gbps. The attacks averaged 14 minutes long in duration. “These powerful short duration attacks are capable of impacting service availability, resulting in outages, or acting as a smoke screen for other types of cyber-attacks, including those intended for breach of personally identifiable data,” said Stephanie Weagle, vice president of marketing at Corero Network Security, in a blog post. Stephen Gates, chief research intelligence analyst from NSFOCUS, told SC Media UK that in the quest to find new means of launching DDoS attacks, hackers have once again found open devices on the Internet running weak protocols that can be exploited for their personal gain. “However, like any other reflective DDoS attack campaign, the number of available reflectors is of critical importance. In addition, the amplification factor those reflectors afford is the second stipulation,” he said. “In this case, the number of open devices on the Internet running CLDAP is relatively small, in comparison to open DNS and NTP reflectors; yet the amplification factor is respectable (~70x). Surely, this attack technique is new, but it is not the worse seen so far. This vector will likely be used in combination with other reflective attack techniques, and rarely used on its own. Until the world’s service providers fully implement BCP-38, similar discoveries and resulting campaigns will continue to plague us all.” Bogdan Botezatu, senior E-Threat analyst at Bitdefender, told SC that a CLDAP attack is designed around third parties: an entity running a misconfigured instance of CLDAP, a victim and an attacker. “The attacker would ask the CLDAP infrastructure to retrieve all the users registered in the Active Directory. Because the attacker makes this query look like it was initiated by the victim by replacing the originating IP address with the victim’s, the CLADP service will actually send the answer to the victim,” he said. “Subsequently, the victim finds itself being bombarded with the information they did not request. If the attacker can harness enough power, the victim’s infrastructure will crash under a load of unsolicited information.” He said that organisations could deploy strong, restrictive firewall policies for inbound traffic. “Load balancing and specialised hardware can also help organisations absorb the impact,” said Botezatu. Source: https://www.scmagazineuk.com/more-than-400-ddos-attacks-identified-using-new-attack-vector–ldap/article/652939/

View original post here:
More than 400 DDos attacks identified using new attack vector – LDAP

DDoS still the mainstay of Aussie cyber crime

New study finds denial of service still king despite ransomware rise. Distributed Denial of Service (DDoS) attacks are still the tool of choice for cybercriminals targeting Australian organisations despite the recent influx of ransomware. The study from NTT Group found that 22 per cent of all attacks targeting Australia were related to denial of service. This was only topped by service specific attacks at 23 per cent and was above website application attacks at 20 per cent. Locally, three industries were targeted in 81 per cent of all attacks, finance at 34 per cent, retail at 27 per cent and followed by business and professional services at 20 per cent. The study found that more than 93 per cent of malware detected in the country was some form of Trojan. Ransomware falls into the Trojan family and is the most prevalent form of malware attack in Australia. The country is also experiencing a change in attacks on applications according to the report with over 70 per cent of application attacks against local companies attempting remote code execution. The study analysed data collected from NTT Group’s operating companies, including NTT Security, Dimension Data, NTT Communications and NTT Data, and data from the Global Threat Intelligence Center (formerly known as SERT), between 1 October 2015 and 31 September 2016. The combined entities have a view of more than 40 per cent of global internet traffic. The report backed up findings from similar studies which showed ransomware is now the most prevalent form of cybercrime. Further, the study found that 77 per cent of ransomware analysed was targeting one of four market sectors. These Included: business and professional services (28 per cent); government (19 per cent), health care (15 per cent) and retail (15 per cent). The report also found that despite attention being paid to attacks on newer vulnerabilities, many cyber criminals rely on less technical means to achieve their objectives. The phishing email is still by far the dominant method for malware delivery, responsible for 73 per cent of all malware delivered to organisations, with government (65 per cent) and business and professional services (25 per cent) as the industry sectors most likely to be attacked at a global level. In terms of phishing attacks by country, the US leads the pack at 41 per cent, closely followed by The Netherlands with 38 per cent. France was in third place well behind the top two with 5 per cent. For industry specific attacks, finance was the most commonly attacked industry globally, subject to 14 per cent of all attacks. The finance sector was the only sector to appear in the top three across all geographic regions analysed, while manufacturing appeared in the top three in five of the six regions. Government (14 per cent) and manufacturing (13 per cent ) were the next two most commonly attacked industry sectors. “Our end goal is not to create fear, uncertainty and doubt or to over-complicate the current state of the threat landscape, but to make cybersecurity interesting and inclusive for anyone facing the challenges of security attacks, not just security professionals,” NTT Security Vice President Threat Intelligence & Incident Response, Steven Bullitt, said. “We want to ensure everyone is educated about these issues and understands that they have a personal responsibility when it comes to the protection of their organisation, and that the organisation has an obligation to help them do so,” he said. Source: https://www.arnnet.com.au/article/618243/ddos-still-mainstay-aussie-cyber-crime/

Link:
DDoS still the mainstay of Aussie cyber crime

8 DDoS Attacks That Made Enterprises Rethink IoT Security

Distributed Denial of Service Disasters The overall frequency of distributed denial of service (DDoS) attacks increased in 2016 thanks, in part, to Internet of Things botnets, according to information service provider Neustar. The company said it mitigated 40 percent more DDoS attacks from January through November, compared to the year earlier. Neustar warned that as botnet code assemblies are published, dangerous new DDoS developments will continue to emerge, such as persistent device enrollment, which enables botnet operators to maintain control of a device even after it’s rebooted. From colleges to entire U.S. regions, here are eight situations where vulnerable IoT devices brought down networks. DDoS Attack Affects U.S. College For 54 Hours A distributed denial of service attack on a college in February, recently made public by security firm Incapsula, affected that institution’s network for 54 hours straight. Incapsula recently revealed the attack, noting that the attackers seemed adept at launching application layer assaults on vulnerable IoT devices. “Based on a number of signature factors, including header order, header values and traffic sources, our client classification system immediately identified that the attack emerged from a Mirai-powered botnet,” according to an Incapsula spokesperson in a blog post. “Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs and routers.” DDoS Attack Takes Down Netflix, Twitter An October DDoS attack – which was launched through IoT devices and blocked an array of websites – deepened the industry’s concerns over the security risk of the Internet of Things. The denial of service attack was launched through Internet of Things consumer devices, including webcams, routers and video recorders, to overwhelm servers at Dynamic Network Services (Dyn) and led to the blockage of more than 1,200 websites. The attack on Dyn, which connects users to websites such as Twitter and Netflix, came from tens of millions of addresses on devices infected with malicious software codes, knocking out access by flooding websites with junk data. DDoS Attack Through Vending Machines Hits University Verizon’s preview of its 2017 Data Breach Digest in February revealed that an unnamed university was hit by a DDoS attack launched through vending machines, lights, and 5,000 other IoT devices. According to Verizon, an incident commander noticed that “name servers, responsible for Domain Name Service (DNS) lookups, were producing high-volume alerts and showed an abnormal number of sub-domains related to seafood.” While administrators were locked out, the university intercepted “the clear text password for a compromised IoT device over the wire and then use that information to perform a password change before the next malware update.” DDoS Attacks Attempted Against Campaign Websites of Hillary Clinton And Donald Trump According to security firm Flashpoint, hackers attempted four Mirai botnet DDoS attacks in November against the campaign websites of Hillary Clinton and Donald Trump. According to Flashpoint, the company observed a 30-second HTTP Layer 7 (application layer) attack against Trump’s website, while the next day, it saw attacks against both Trump and Clinton’s campaign sites. While attacks were attempted, neither website observed or reported outages. “Flashpoint assesses with moderate confidence that the Mirai botnet has been fractured into smaller, competing botnets due to the release of its source code, which has led to the proliferation of actors exploiting the botnet’s devices,” a spokesperson wrote on Flashpoint’s website. BBC Domain Downed By By DDoS Attack On New Year’s Eve 2016, the BBC’s website was hit by a DDoS attack that downed its entire domain – including on-demand television and radio player – for more than three hours. While BBC originally said that it was undergoing a technical issue, the broadcaster’s news organization later said the outage was a result of a DDoS attack, according to “sources within the BBC.” Russian Banks Hit With Waves Of DDoS Attacks In November, at least five Russian banks, including Sberbank and Alfabank banks, were the victims of prolonged DDoS attacks that lasted over two days. According to Security Affairs, the attack came from a wide-scale botnet involving up to 24,000 computers and IoT devices that were located in 30 countries. The banks’ online clients services were not disrupted. According to security firm Kaspersky Lab, the incident was the first time that massive DDoS attacks hit Russian banks in 2016. Rio Olympics Organizations Hit By DDoS Attack Staged By LizardStresser Arbor Networks’ security engineering and response team revealed in a statement that several organizations affiliated with the Olympics came under “large-scale volumetric” DDoS attacks beginning in September 2015. “A large proportion of the attack volume consisted of UDP reflection and amplification attack vectors such as DNS, chargen, ntp, and SSDP, along with direct UDP packet-flooding, SYN-flooding, and application-layer attacks targeting Web and DNS services,” said Arbor Networks in a statement. According to Arbor Networks, a DDoS-for-hire service, called LizardStresser, staged most of the pre-Olympic attacks. Despite the attacks, Arbor Networks performed several mitigation measures to help Olympics administrators keep their systems running. Brian Krebs’ Website Experienced DDoS Attack In September 2016, security investigative reporter Brian Krebs’ information blog experienced a DDoS attack. The attack reportedly placed peak traffic at around 620 Gbps. Krebs determined a Mirai botnet was responsible for the attack: “The source code that powers the IoT botnet responsible for launching the historically large DDoS attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices,” he stated on his blog. “My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems,” said Krebs in the blog post. Source: http://www.crn.com/slide-shows/internet-of-things/300084663/8-ddos-attacks-that-made-enterprises-rethink-iot-security.htm

Original post:
8 DDoS Attacks That Made Enterprises Rethink IoT Security

Teenage hacker jailed for masterminding attacks on Sony and Microsoft

Adam Mudd jailed for two years for creating attack-for-hire business responsible for more than 1.7m breaches worldwide. A man has been jailed for two years for setting up a computer hacking business that caused chaos worldwide. Adam Mudd was 16 when he created the Titanium Stresser program, which carried out more than 1.7m attacks on websites including Minecraft, Xbox Live and Microsoft and TeamSpeak, a chat tool for gamers. He earned the equivalent of more than £386,000 in US dollars and bitcoins from selling the program to cyber criminals. Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, noted that Mudd came from a “perfectly respectable and caring family”. He said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”. Topolski said the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.” Mudd showed no emotion as he was sent to a young offender institution. During the two-day hearing, Jonathan Polnay, prosecuting, said the effect of Mudd’s hacking program was “truly global”, adding: “Where there are computers, there are attacks – in almost every major city in the world – with hotspots in France, Paris, around the UK.” The court heard that Mudd, who lived with his parents, had previously undiagnosed Asperger syndrome and was more interested in status in the online gaming community than the money. The court heard that the defendant, now 20, carried out 594 of the distributed denial of service (DDoS) attacks against 181 IP addresses between December 2013 and March 2015. He has admitted to security breaches against his college while he was studying computer science. The attacks on West Herts College crashed the network, cost about £2,000 to investigate and caused “incalculable” damage to productivity, the court heard. On one occasion in 2014, the college hacking affected 70 other schools and colleges, including Cambridge, Essex and East Anglia universities as well as local councils. Mudd’s explanation for one of the attacks was that he had reported being mugged to the college but claimed no action was taken. Polnay said there were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses. Of those, nearly 53,000 were in the UK. Among the targets was the fantasy game RuneScape, which had 25,000 attacks. Its owner company spent £6m trying to defend itself against DDoS attacks, with a revenue loss of £184,000. The court heard that Mudd created Titanium Stresser in September 2013 using a fake name and address in Manchester. He offered a variety of payment plans to his customers, including discounts for bulk purchases of up to $309.99 for 30,000 seconds over five years as well as a refer-a-friend scheme. Polnay said: “This is a young man who lived at home. This is not a lavish lifestyle case. The motivation around this we tend to agree is about status. The money-making is by the by.” When he was arrested in March 2015, Mudd was in his bedroom on his computer, which he refused to unlock before his father intervened. Mudd, from Kings Langley in Hertfordshire, pleaded guilty to one count of committing unauthorised acts with intent to impair the operation of computers; one count of making, supplying or offering to supply an article for use in an offence contrary to the Computer Misuse Act; and one count of concealing criminal property. Ben Cooper, defending, appealed for his client to be given a suspended sentence. He said Mudd had been “sucked into” the cyber world of online gaming and was “lost in an alternate reality” after withdrawing from school because of bullying. Mudd, who was expelled from college and now works as a kitchen porter, had been offline for two years, which was a form of punishment for any computer-obsessed teenager, Cooper said. The “bright and high-functioning” defendant understood what he did was wrong but at the time he lacked empathy due to his medical condition, the court heard. Cooper said: “This was an unhappy period for Mr Mudd, during which he suffered greatly. This is someone seeking friendship and status within the gaming community.” But the judge said: “I have a duty to the public who are worried about this, threatened by this, damaged by this all the time … It’s terrifying.” Source: https://www.theguardian.com/technology/2017/apr/25/teenage-hacker-adam-mudd-jailed-masterminding-attacks-sony-microsoft

Link:
Teenage hacker jailed for masterminding attacks on Sony and Microsoft

How can you prepare for a cyber attack?

Keeping your data secure is more important than ever, but it seems like there’s a new wide-scale data breach every other week. In this article, David Mytton discusses what developers can do to prepare for what’s fast becoming inevitable. Cyber security isn’t something that can be ignored anymore or treated as a luxury concern: recent cyber attacks in the UK have shown that no one is immune. The stats are worrying – in 2016, two thirds of large businesses had a cyber attack or breach, according to Government research. Accenture paints a bleaker picture suggesting that two thirds of companies globally face these attacks weekly, or even daily. According to the Government’s 2016 cyber security breaches survey, only a third of firms have cyber security policies in place and only 10% have an emergency plan. Given management isn’t handling the threat proactively, developers and operations specialists are increasingly having to take the initiative on matters of cybersecurity. This article covers some essential priorities developers should be aware of if they want their company to be prepared for attack. Know your plan There’s no predicting when a cyber attack might come, whether it be in the form of a DDoS, a virus, malware or phishing. It’s therefore important to be constantly vigilant, and prepared for incidents when they do occur. Senior leadership in your company should be proactive when laying out a plan in the event of an attack or other breach, however this might not always be the case. No matter what your position is within your company, there are preemptive actions you can take on a regular basis to ensure that you’re adequately prepared. If you’re in an Ops team, make sure you’re encouraging your team to test your backups regularly. There’s little use having backups if you’re unable to actually restore from them, as GitLab learned to their detriment earlier in the year. Use simulations and practice runs to ensure that everyone on your team knows what they’re doing, and have a checklist in place for yourself and your colleagues to make sure that nothing gets missed. For example, a DDoS attack may begin with a monitoring alert to let you know your application is slow. Your checklist would start with the initial diagnostics to pinpoint the cause, but as soon as you discover it is a DDoS attack then the security response plan should take over. If you happen to be on-call, make sure you’ve got all the tools you need to act promptly to handle the issue. This might involve letting your more senior colleagues know about the issue, as well as requesting appropriate assistance from your security vendors. Communication is always one of the deciding factors in whether a crisis can be contained effectively. As a developer or operations specialist, it’s important to be vocal with your managers about any lack of clarity in your plan, and ensure that there are clear lines of communication and responsibility so that, when the worst does occur, you and your colleagues feel clear to jump into action quickly. Remember your limits It might sound obvious, but it’s worth remembering: in a cyber attack or catastrophic incident, there is only so much you yourself can do. Too many developers and operations staff fall prey to a culture of being ‘superheroes’, encouraged (often through beer and pizza) to stay as late as they can and work as long as possible on fixes to particular issues. The truth is, humans make mistakes. Amazon’s recent AWS S3 outage is a good example: swathes of the internet were taken offline due to one typo. If you’re on-call while a cyber attack occurs there’s no denying you’re likely to work long hours at odd times of the day, and this can put a real strain on you, both mentally and physically. This strain can make it much harder for you to actually concentrate on what you’re doing, and no amount of careful contingency planning can compensate for that. At Server Density we’re keenly aware that employee health and well being is critical to maintaining business infrastructure, especially in the event of a crisis. That’s why we support movements like HumanOps, which promote a wider awareness of the importance of employee health, from the importance of taking regular breaks to ergonomic keyboards. All too often people working in IT forget that the most business-critical hardware they look after isn’t servers or routers, it’s the health and well being of the people on the front lines looking after these systems. Cyber attacks are stressful on everyone working in an organisation, and the IT teams take the brunt of the strain. However, with careful planning, clear lines of delegation and an appreciation of the importance of looking after each other’s health, developers and operations specialists should be able to weather the storm effectively and recover business assets effectively. Source: https://jaxenter.com/can-prepare-cyber-attack-133447.html

Linksys Routers Vulnerable to DDoS Attack

Flaws in the routers’ firmware could let hackers access configuration settings and execute remote commands. Linksys said it’s working on a patch. Linksys this week identified several vulnerabilities in its router firmware that allow hackers to bypass authentication and perform denial of service (DDoS) attacks. The company said it is working on a fix for the vulnerabilities, which were discovered by security researchers at IOActive in January and affect more than two dozen models of Linksys wireless routers in the WRT and EAxxx series. IOActive found 10 separate issues in the Linksys firmware, including high-risk vulnerabilities that could let hackers exploit routers using default credentials to log in, view router settings, and execute remote commands. “Two of the security issues we identified allow unauthenticated attackers to create a Denial-of-Service (DoS) condition on the router,” IOActive researcher Tao Sauvage wrote in a blog post. “By sending a few requests or abusing a specific API, the router becomes unresponsive and even reboots. The Admin is then unable to access the web admin interface and users are unable to connect until the attacker stops the DoS attack.” The vulnerabilities, which are similar to those found in many other Internet of Things (IoT) devices, are particularly worrisome because they could be used in future attacks of the sort that took large swaths of the internet offline for several hours last fall. Sauvage said that “11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.” Linksys published a full list of the router models that are affected, and suggested that owners change the default password for their administrator account. The company said it is working to provide a firmware update for all of the affected models, but didn’t offer details on when it would be ready. Source: http://www.pcmag.com/news/353228/linksys-routers-vulnerable-to-ddos-attacks

View post:
Linksys Routers Vulnerable to DDoS Attack

New DDoS Attacks Use Far Fewer Infected Hosts

Akamai Technologies has identified a new attack method generating extremely large distributed denial of service (DDoS) attacks against educational institutions and other types of organizations but without the millions of infected hosts typically seen in these scenarios. In a threat advisory recently published by the content delivery network company’s security intelligence response team, researchers described a reflection and amplification method that can produce “significant attack bandwidth” through “significantly fewer hosts.” What’s required are open ports allowing LDAP traffic. The company’s security experts have detected and mitigated a total of 50 Connection-less Lightweight Directory Access Protocol (CLDAP) reflection attacks. CLDAP was intended as an “efficient alternative to LDAP queries done over Transmission Control Protocol (TCP). Most of the attacks seen in the wild used CLDAP reflection exclusively. Twice, education has been the target. However, the primary victims have been in the software and technology industry, where 21 attacks have taken place, and the gaming segment, which has had 15 attacks. The largest of the attacks hit its target with a peak bandwidth of 24 gigabits per second and a top count of packets per second of 2 million. The source port was 386, the port used by Lightweight Directory Access Protocol (LDAP). According to the report, signatures of the attack suggest that it’s “capable of impressive amplification.” For example, Akamai security people obtained sample malicious LDAP reflection queries that had a payload of only 52 bytes. Yet the attack data payload was 3,662 bytes, meaning that the amplification factor was 73. More typically, the average amplification rate was 57, according to the researchers. The attacks are launched using “attack scripts,” usually written in C and with only slight variations from one vector to another. When the script is run, the target IP becomes the source of all the 52-byte query payloads. These are then sent rapidly to every server in the supplied reflector list. From there, the CLDAP servers do as they’re designed and reply to the query. As a result, the report described, “the target of this attack must deal with a flood of unsolicited CLDAP responses.” The attack is “fueled” by the number of servers on the internet with port 389 open and listening. Once a server has been identified as a viable source, it’s added to the list of reflectors. The best mitigation, suggested the report, is to filter the port in question. “Ingress filtering of the CLDAP port from the internet will prevent discovery and subsequent abuse of this service,” the report noted. Another option is to apply rules, which won’t stop the outbreak, but will alert system administers when an attempt is made to use the systems as part of a reflection attack. Source: https://campustechnology.com/articles/2017/04/20/new-ddos-attacks-use-far-fewer-infected-hosts.aspx?admgarea=news

See more here:
New DDoS Attacks Use Far Fewer Infected Hosts