Tag Archives: var-username

IPv6 And The Growing DDoS Danger

IPv6 and the Internet of Things have arrived — and with them an enormous potential expansion for distributed denial-of-service (DDoS) attacks. The number of connected devices is growing exponentially, with one billion new IoT devices expected to ship this year alone. As such, IPv4 addresses have been exhausted, but IPv6 is on deck to address this concern. The new system allows for 2^128 IP addresses (in comparison, IPv4 only carried 2^32 possible IP addresses). So everything is fine, right? Sadly, no. While IPv6 will certainly aid in accommodating the growth of new connected phenomena, such as the Internet of Things (IoT), adoption at the moment is slow. And because IPv6 occupies such a relatively small space, Internet security implementations that take it into full consideration are also lagging. This leaves a lot of networks vulnerable to distributed denial of service (DDoS) attacks. DDoS attacks occur when Internet hackers use infected hosts to control connected devices remotely and make unwilling devices (bots) send malicious traffic to their target of choice. The target organizations are flooded with traffic, thus restricting or disabling service for legitimate traffic, or crashing the victim network. The most recent Verizon Data Breach Investigations Report noted: “Distributed denial-of-service attacks got worse again this year with our reporting partners logging double the number of incidents from last year…We saw a significant jump in…attacks [that] rely on improperly secured services, such as Network Time Protocol (NTP), Domain Name System (DNS), and Simple Service Discovery Protocol (SSDP), which make it possible for attackers to spoof source IP addresses, send out a bazillion tiny request packets, and have the services inundate an unwitting target with the equivalent number of much larger payload replies.” While most DDoS attacks do not, at present, involve IPv6, both the number and size of these attacks are rising, and IPv6 brings with it particular vulnerabilities. According to a recent CNET article: “First, with the relatively immature network infrastructure, many network operators don’t have the ability to scrutinize network traffic well enough to distinguish DDoS attacks from benign traffic. Second, gateways that link IPv4 and IPv6 must store lots of ‘state’ information about the network traffic they handle, and that essentially makes them more brittle.” The Internet of Things is also adding to the threat, according to an InfoSec Institute report “Internet of Things: How Much are We Exposed to Cyber Threats? The report, published earlier this year, cited the possibility of cyber criminals stealing sensitive information by hacking or compromising IoT devices to run cyberattacks against third-party entities using routers, SOHO devices or SmartTVs. “IoT devices manage a huge quantity of information, they are capillary distributed in every industry,” the report noted, “and, unfortunately, their current level of security is still low.” And therein lies the nightmare scenario. We now have IPv6, accompanied by immature visibility tools; gateways between IPv4 and IPv6 that are brittle and precarious; and the unprecedented proliferation of relatively unsecure IoT devices, replete with those brand-spanking-new IPv6 vulnerabilities, all creating ubiquitous potential fuel for botnets. The reality is precisely as desperate as it sounds. The best course of action to prepare for an onslaught of DDoS attacks exploiting IoT and IPv6 adoption is to ensure that your enterprise network security system can support the many connections from so many more connected devices. Also ensure the IPv6 support is on par with the IPv4-based feature set. Most attacks are carried out over IPv4, and by shifting over to IPv6, the attacker could bypass the defenses that only inspect IPv4 traffic. Meanwhile, IPv6-specific attack vectors have been reported IPv6 and the IoT have arrived, and with them comes an enormous expansion in DDoS attack potential. Source: http://www.darkreading.com/attacks-breaches/ipv6-and-the-growing-ddos-danger/a/d-id/1322942

Visit site:
IPv6 And The Growing DDoS Danger

Hackers infect MySQL servers with malware for DDoS attacks

Hackers are exploiting SQL injection flaws to infect MySQL database servers with a malware program that’s used to launch distributed denial-of-service (DDoS) attacks. Security researchers from Symantec found MySQL servers in different countries infected with a malware program dubbed Chikdos that has variants for both Windows and Linux. Don’t count on your ‘plain vanilla’ resume to get you noticed – your resume needs a personal flavor to This Trojan is not new and was first documented in 2013 by incident responders from the Polish Computer Emergency Response Team (CERT.PL). At that time the malware was being installed on servers after using brute-force dictionary attacks to guess SSH (Secure Shell) login credentials. However, the new attacks observed by Symantec abuse the user-defined function (UDF) capability of the MySQL database engine. UDF allows developers to extend the functionality of MySQL with compiled code. Symantec believes that attackers exploit SQL injection vulnerabilities in order to inject malicious UDF code in databases. They then use the DUMP SQL command to save the injected code as a library file that is later executed by the MySQL process. The malicious UDF code downloads and installs the Chikdos Trojan, which allows attackers to abuse the server’s bandwidth for DDoS attacks. The Symantec researchers found MySQL servers infected with Chikdos in many countries, including India, China, Brazil, Netherlands, the U.S., South Korea, Mexico, Canada, Italy, Malaysia, Nigeria and Turkey. The largest concentrations were in India and China, 25 and 15 percent respectively. During their analysis the researchers saw the servers being used to launch DDoS attacks against a U.S. hosting provider and a Chinese IP address. The reason for targeting MySQL servers is likely because their bandwidth is considerably larger than that of regular PCs, making them more suitable for large DDoS campaigns, the Symantec researchers said in a blog post. To prevent such attacks, website owners should avoid running SQL servers with administrative privileges and should follow best programming practices for mitigating SQL injection vulnerabilities, they said. Source: http://social-media-news.com/link/907984_hackers-infect-mysql-servers-with-malware-for-ddos-attacks

Read this article:
Hackers infect MySQL servers with malware for DDoS attacks

TalkTalk hack: 15-year-old boy arrested in Northern Ireland over DDoS attack

News stunned security experts who had assumed that Isis terrorists or major country had been behind the breach A boy of 15 has been arrested and questioned on suspicion of being the mastermind behind the TalkTalk data theft cyber attack. A team from Scotland Yard’s Cyber Crime Unit joined Police Service of Northern Ireland officers as they raided the teenager’s home in County Antrim. The boy was arrested on suspicion of Computer Misuse Act offences and taken to a nearby police station. News of the suspect’s age stunned security experts who had assumed that a group of Isis terrorists or a country such as Russia had been behind the massive breach. IT insiders said it would be a “gamechanger” if proven that a teenager operating from his bedroom could bring a global company to its knees. The Met said the property was being searched and inquiries by CCU detectives, the PSNI’s Cyber Crime Centre and the National Crime Agency are continuing. A spokesman said on Monday night: “An arrest has been made in connection with the investigation into alleged data theft from the TalkTalk website. At approximately 4.20pm, officers from the Police Service of Northern Ireland (PSNI), working with detectives from the Metropolitan Police Cyber Crime Unit, executed a search warrant at an address in County Antrim, Northern Ireland. The phone and broadband provider, which has four million customers, initially said last week that the “sustained” attack was a DDoS, a distributed denial of service attack where a website is bombarded with waves of traffic. When experts pointed out a DDoS attack would not explain the loss of data TalkTalk later indicated it had been hit by an attack known as an SQL injection – a technique where hackers gain access to a database by entering instructions in a web form. IT security experts had already expressed surprise at how a company the size of TalkTalk was still vulnerable to the method, as it is a well-known type of attack and there are relatively simple ways of defending against it. The company has been heavily criticised for its handling of the cyber attack – the third it has suffered in the last eight months, with incidents in August and February resulting in customers’ data being stolen. Following last week’s breach TalkTalk admitted that customers’ bank account and sort code details may have been accessed as some customers said money has gone missing from their accounts. TalkTalk said there is currently no evidence that customers’ bank accounts have been affected but it does not know how much customer information was encrypted. The company said it would contact all current customers and that an unknown number of previous customers may also be at risk. TalkTalk’s chief executive Dido Harding said last week the firm had received a ransom demand from someone claiming to be behind the cyber attack. Jesse Norman, chair of the Culture, Media and Sport Select Committee, is leading an inquiry into the alleged data breach. Cyber Security Minister Ed Vaizey had earlier told MPs that companies could face bigger fines for failing to protect customer data from such attacks. He said the Information Commissioner’s Office can already levy “significant fines” but told the Commons he was “open to suggestions” about how the situation could be “improved”. TalkTalk is facing a maximum fine of £500,000 but the SNP’s John Nicolson said the prospect was “clearly not terrifying” for a company with an annual revenue of £1.8 billion a year. Shares in the telecoms company fell more than 12 per cent on Monday extending its losses from last week when news of the attack first emerged. A statement from Talk Talk said: “We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police. We will continue to assist with the ongoing investigation. “In the meantime, we advise customers to visit [our website] for updates and information regarding this incident.” Source: http://www.independent.co.uk/news/uk/home-news/talktalk-hack-boy-15-arrested-in-northern-ireland-over-attack-a6709831.html

Read the original:
TalkTalk hack: 15-year-old boy arrested in Northern Ireland over DDoS attack

Thai govt website DDoSed as CAT customer data leaked

Faced with a wave of DDoS attacks, a horde of hackers claiming to be Anonymous and major data leaks from state-owned CAT Telecom all in protest of Thailand’s Single Gateway surveillance program, ICT Minister Uttama Savanayana took to Twitter to reassure people that everything was in order and that we had nothing to fear because we have regular data backups. Yes, apparently regular backups and standards in data storage are the answer to a hack and data leak. The tweet was up for most of the weekend before he deleted it to save himself further embarrassment. To recap, a group claiming to be Anonymous issued a statement in the wee hours of Thursday morning to attack the Thai Government and in particular CAT Telecom for refusing to back down on Single Gateway internet super censorship and surveillance project which, despite promises from the Prime Minister that it was just a clerical error never existed, is forging ahead full steam. Since then at various moments, hackers have managed to temporarily take down an obscure army internal accounting website, the ICT Ministry and CAT Telecom. The Anons also posted screenshots of what they claimed was CAT customer data with names blanked out, taunting the ICT Minister by asking what data standard allows for plaintext storage of passwords. CAT Telecom initially responded by saying the information posted was false and that the hackers only tried to infiltrate CAT’s dealer network and did so unsuccessfully at that. The Anons responded with more CAT customer data and a screenshot of a login in CAT’s CRM module. One would have thought that this would have caused the junta to think twice about centralizing everything but no. The ICT Minister had the stage in the weekly two-minutes of hate propaganda show, sorry, I meant Thailand Moves Forward propaganda show, in which he extolled the virtues of a single Geoment Service Chanel [sic] which called for even more centralization. Half the jokes were of using designer clothing to serve the people the other, well, let’s just say that geo in Thai is a anatomical word that would not befit the pages of this publication. So apparently not only he totally clueless as to what a modern day hack is (by saying that he had backup) but he cannot use a spell checker. By Sunday, CAT’s My 3G self-service portal was still down, though whether it was from the attack or if someone pulled the plug as a precaution was anyone’s guess. However, that hardly made the social media circles. Why? Well, because despite oodles of taxpayer cash (roughly $1 billion each for CAT and TOT for their 3G networks, plus who knows how much more to run the network), CAT and TOT have between them less than 100,000 subscribers, none of which bothered to check their balance or top up over the weekend, it seemed. Also noteworthy was how servers in CAT’s data center had their latency and jitter both jump but again, that could be a routing issue rather than someone installing deep-packet-inspection gear. But was the hack actually from a real Anon? Anonymous is more of a state of mind that a club with a for formal job interview and membership cards. Anyone can claim to be an Anon. Their key tenets are anti-surveillance and anti-censorship, both of which the Thai Single Gateway are aimed at imposing. One developer who did not want to be identified told TelecomAsia that the hacks on Thai government websites were simply too easy. He sent a screenshot with a page of .go.th sites with old, unpatched mysql servers that were ripe for taking over. His point being, a script kiddie noob could have carried out hacks on these government websites and it did not require the skills of a true Anon. Source: http://www.telecomasia.net/blog/content/thai-govt-website-ddosed-cat-customer-data-leaked DDoS? Well, considering that Thai government websites cannot even stand up to use on a busy day without crashing, again, that hardly requires serious firepower. The CAT data breach also happened about a month ago if the rumors in the underground are to be believed. Talking about the underground, none of my shadier contacts know who did it the attack. Considering the rather small size of the Thai hacking community, this is odd. To further throw doubt on everything, the F5 hackers dared me over Twitter to double check a phone number in the CAT data breach to see if the data was real or made up. I did call up the number and he had no clue about being hacked and said he was not a CAT customer. Not looking good for the hackers then. To be fair I did try to ask if he was working at the company he was listed as working for but the chap hung up on me first, obviously annoyed at my questions. But perhaps the number had been reused (the phone line application with CAT was way back in August 2014), perhaps he never got the phone line and had totally forgot about it. Or maybe it was made-up data and the hacker thought I would not call to fact-check. At this juncture, my gut feeling is leaning towards this entire episode being a honey trap to lure out dissenters and convince the undecided of the need to give up further liberties so that the government can protect us from Anonymous. If so, that has worked wonders. Then there is the separate matter of the 231 pages of leaked documents that are a headache just to try and read through. Who leaked them and why? It is a curious mix of army and MICT secret documents which begs the question, who would even have access to both sets of documents in the first place? Very few. But regardless as to whether this initial hack was real or staged, the matter of the Thailand’s Single Gateway has now reached the eyes of Anons the world over. One wonders if they are planning a real attack soon.

View article:
Thai govt website DDoSed as CAT customer data leaked

TalkTalk DDoS Attack: Website hit by ‘significant’ breach

Police are investigating a “significant and sustained cyber-attack” on the TalkTalk website, the UK company says. The phone and broadband provider, which has over four million UK customers, said banking details and personal information could have been accessed. TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen. The Metropolitan Police said no-one had been arrested over Wednesday’s attack but enquiries were ongoing. TalkTalk said in a statement that a criminal investigation had been launched on Thursday. It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed: Names and addresses Dates of birth Email addresses Telephone numbers TalkTalk account information Credit card and bank details In the wake of the news, the company’s share price dropped by 10% in the first few hours after the London stock exchange opened at 08:00 BST. Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4’s Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks. He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers’ private information – although he stressed their claim was yet to be verified or investigated. Dido Harding, chief executive of the TalkTalk group, told BBC News the authorities were investigating and she could not comment on the claims. Cyber-attacks on consumer companies happen with mounting frequency, but TalkTalk’s speedy decision to warn all of its customers that their vital data is at risk suggests that this one is very serious indeed. We are being told that this was what’s called a DDoS – a distributed denial of service attack – where a website is hit by waves of traffic so intense that it cannot cope. What is not clear is why this would result in the loss of data rather than just the site going down. One suggestion is that the DDoS was a means of distracting TalkTalk’s defence team while the criminals went about their work. I’m assured that TalkTalk customers’ details, including banking information, were all being held in the UK rather than in some overseas data centre. What is less clear is the extent to which that data was encrypted. For TalkTalk, the cost to its reputation is likely to be very serious. Now it is going to have to reassure its customers that its security practices are robust enough to regain their trust. The TalkTalk website was now secure again and TV, broadband, mobile and phone services had not been affected by the attack, she added. The sales website and the “My account” services are still down but the company hopes to restore them on Friday. Ms Harding added: “It’s too early to know exactly what data has been attacked and what has been stolen,” she said. “Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well.” However, customers have expressed their frustration with what is the third cyber-attack to affect TalkTalk over the past 12 months. Sara Jones, from East Sussex, said she found out about the breach in the news. “I have not received a single piece of correspondence. The level of information is lacking. And to think this is Get Safe Online Week! “TalkTalk’s online advice is not proportionate to what has happened. Telling customers to “keep an eye on accounts” just does not cut it in terms of advice.” Daniel Musgrove, from Powys, said he had been unable to get through to TalkTalk customer services. “They may not get a payment for my next bill if they don’t get this sorted,” he added. In August, the company revealed its mobile sales site had been targeted and personal data breached. And in February, TalkTalk customers were warned about scammers who had managed to steal thousands of account numbers and names. The biggest risk is that customers’ details have been stolen and criminals try to impersonate them Dido Harding, TalkTalk group chief executive Ms Harding said: “Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company’s defences be stronger? “I’m a customer myself of Talk Talk, I’ve been a victim of this attack.” What should you do if you think you’re at risk? Report any unusual activity on your accounts to your bank and the UK’s national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 or www.actionfraud.police.uk TalkTalk is advising customers to change their account password as soon as its website is back up and running – expected to be later on Friday – and any other accounts for which you use the same password Beware of scams: TalkTalk will not call or email customers asking for bank details or for you to download software to your computer, or send emails asking for you to provide your password TalkTalk said it had contacted the major banks asking them to look out for any suspicious activity on customers’ accounts. It added that every customer would be getting a year’s free credit monitoring. Ms Harding said: “The biggest risk is that customers’ details have been stolen and criminals try to impersonate them.” Professor Peter Sommer, an expert an cyber security, said TalkTalk’s rapid growth could be to blame for the breaches. “They are acquiring more customers and each of those customers wants to do more things and so they have to increase their capacity… but that’s an expensive exercise,” he told the BBC. Source: http://www.bbc.com/news/uk-34611857

See the original post:
TalkTalk DDoS Attack: Website hit by ‘significant’ breach

Attackers hijack CCTV cameras to launch DDoS attacks

Default and weak credentials on embedded devices can lead to powerful botnets We’ve reached a point that security researchers have long warned is coming: Insecure embedded devices connected to the Internet are routinely being hacked and used in attacks. Want to add a bunch of users without going out of your mind? We show you how to do that, and more. The latest example is a distributed denial-of-service (DDoS) attack detected recently by security firm Imperva. It was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras protecting businesses around the world instead of a typical computer botnet. The attack peaked at 20,000 requests per second and originated from around 900 closed-circuit television (CCTV) cameras running embedded versions of Linux and the BusyBox toolkit, researchers from Imperva’s Incapsula team said in a blog post Wednesday. When analyzing one of the hijacked cameras that happened to be located in a store close to the team’s office, the researchers found that it was infected with a variant of a known malware program designed for ARM versions of Linux that’s known as Bashlite, Lightaidra or GayFgt. While infecting computers with malware these days requires software exploits and social engineering, compromising the CCTV cameras that were used in this attack was very easy as they were all accessible over the Internet via Telnet or SSH with default or weak credentials. Insecure out-of-the-box configurations are a common issue in the embedded device world and have been for a long time. In 2013, an anonymous researcher hijacked 420,000 Internet-accessible embedded devices that had default or no login passwords and used them in an experiment to map the whole Internet. However, the problem is getting worse. The push by device manufacturers to connect things such as refrigerators or “smart” light bulbs to the Internet is largely done without consideration for security implications or an overhaul of outdated practices. As a result, the number of easily hackable embedded devices is growing fast. Shortly after the CCTV camera-based attack was mitigated, a separate DDoS attack was detected that originated from a botnet of network-attached storage (NAS) devices, the Imperva researchers said. “And yes, you guessed it, those were also compromised by brute-force dictionary attacks.” Source: http://www.computerworld.com/article/2996079/internet-of-things/attackers-hijack-cctv-cameras-to-launch-ddos-attacks.html

Continue Reading:
Attackers hijack CCTV cameras to launch DDoS attacks

UK e-tailers hit by suspected DDoS barrage

Scan Computers, Novatech and Aria Technology all encountered website disruption yesterday, with the latter confirming a Bitcoin-based DDoS attack was to blame. Aria Taheri, Aria’s eponymous boss, told CRN the firm’s website went down yesterday afternoon for a couple of hours as hackers sent an email demanding the payment of 16.66 Bitcoins (£2,871.43), otherwise they would try to bring the site down for the whole of Wednesday. Fellow e-tailers Novatech and Scan also took to Twitter to inform their customers that there had been problems with their sites, while CCL is another thought to have encountered issues. Scan Computers, Novatech and Aria Technology all encountered website disruption yesterday, with the latter confirming a Bitcoin-based DDoS attack was to blame. Aria Taheri, Aria’s eponymous boss, told CRN the firm’s website went down yesterday afternoon for a couple of hours as hackers sent an email demanding the payment of 16.66 Bitcoins (£2,871.43), otherwise they would try to bring the site down for the whole of Wednesday. Fellow e-tailers Novatech and Scan also took to Twitter to inform their customers that there had been problems with their sites, while CCL is another thought to have encountered issues. Novatech and CCL were unavailable for comment at the time of publication. Elan Raja III, Scan’s director, said: “Scan are aware there has been some disruption in traffic and is investigating the cause.” Taheri said he understood that the website disruption suffered by his competitors was caused by the same DDoS attack and believes other companies in his industry have also received ransoms for Bitcoins this week. Aria’s website was hit in a hack in February 2013 but caught the perpetrators last year after putting up a reward. Taheri is adopting the same tactic on this occasion, posting a £15,000 bounty ( pictured above ) for anyone who provides information to help police catch the hackers. He said the reward is much higher than the Bitcoin ransom because he wants to send a message to the hackers and due to the “principle” of the attack. He said he is not going to pay the ransom demanded as it would send out the wrong message. “These kinds of attacks are only designed to affect our website and make it inaccessible. However, [our customers’] information is 100 per cent secure as we are PCI DSS compliant which is quite a strict web-security protocol. Also, the website unavailability will last for only a short period – a matter of hours – so the customers can always come back at a later time. “We are not going to encourage more of these hackers by giving them Bitcoins, because that would only encourage others to come to us and blackmail us more. The message to the hackers is that I will spend a significant amount of money to bring them to justice. Our track record shows that we have done that before, and based on that track record I am fairly confident we can do that [again].” The attack the cybercriminals have threatened to carry out on Aria’s website tomorrow coincides with a “prime day” on which low prices are offered to customers, Taheri added. On the rise There has been a rise in the number of DDOS attacks demanding Bitcoin ransoms in recent months, with Bloomberg reporting that a cybercriminal group called DDoS for Bitcoin (Distributed Denial of Service for Bitcoin) – or DD4BC – blackmailed financial institutions by threatening to disrupt websites last month unless they paid Bitcoin ransoms. Taheri said the internet datacentre informed him that these kinds of attacks are “on the increase, and the frequency of it is going up at an alarming rate”. One source, who wished to remain anonymous, said the attack is similar to those launched by DD4BC, and could be from a group which is trying to emulate DD4BC. Source: http://www.channelweb.co.uk/crn-uk/news/2431257/uk-e-tailers-hit-by-ddos-barrage

Follow this link:
UK e-tailers hit by suspected DDoS barrage

Rossiya Segodnya Information Agency Suffers Major DDoS Attack

There was a major distributed-denial-of-service (DDoS) attack on Rossiya Segodnya International Information Agency resources, including the Sputnik website and newswire, the company’s IT department said Saturday. The attack restricted access to desktop and mobile versions of the Sputnik website. IT specialists managed to ensure the timely release of news pieces to the newswire clients. The agency’s press service said that IT specialists were working to establish the details of the attack that restricted access to desktop and mobile versions of the Sputnik website. “Rossiya Segodnya websites and mailing services were unavailable to users for two hours starting at 7:00 p.m. Moscow time [16:00 GMT],” the press service said. DDoS attacks are caused by a large number of Internet users or software simultaneously sending requests to a website until it exceeds its capacity to handle Internet traffic. The Sputnik site was unavailable for almost two hours. Source: http://sputniknews.com/art_living/20151017/1028682238/sputnik-ddos-attack.html

More:
Rossiya Segodnya Information Agency Suffers Major DDoS Attack

Anonymous cited in Web DDoS attacks at two Japan airports

A tweet purporting to be from Anonymous, a diffuse international collective of online hacker activists, warned of cyberattacks on the websites of two major airports earlier this month, police sources said Saturday. A day later, the web pages of Narita and Chubu airports were struck down. On Oct. 10, the website of Narita International Airport went down for about eight hours from around 2:30 a.m. after being overwhelmed by multiple-source traffic. The website of Chubu Centrair International Airport also became difficult to access for 8½ hours. Flights at the airports were unaffected. According to investigative sources from the Chiba and Aichi prefectural police, the Twitter post on Oct. 9 said attacks would be made on two major Japanese airports. It gave the addresses of Narita and Chubu airports. The sources said the websites of the two facilities apparently suffered “distributed denial of service” or DDoS attacks, which are intended to paralyze a targeted website by overwhelming it with high levels of traffic sent from multiple network sources. The website of the town of Taiji in Wakayama Prefecture experienced a similar cyberattack in September, which police suspect was made by Anonymous in protest of the town’s longtime practice of hunting of dolphins whereby the mammals are killed or captured after being herded into a cove. The slaughter has become a cause celebre for animal rights activists and others. Source: http://www.japantimes.co.jp/news/2015/10/17/national/crime-legal/anonymous-cited-in-web-outages-at-two-japan-airports/#.ViKA7St4AmQ

Visit site:
Anonymous cited in Web DDoS attacks at two Japan airports

oneZero outages the result of Chinese DDoS attacks

Continuing our exclusive coverage of the events unfolding at forex solutions provider oneZero, LeapRate has learned that the outages hitting oneZero and thereby some of its hosted clients over the past week are the result of distributed denial-of-service (DDoS) attacks being made against the company. After engaging multiple security contractors, the company has isolated the attacks and has determined that they originate out of China. A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It is the result of multiple compromised systems (for example a botnet) flooding the targeted system – usually one or more web servers – with traffic. The most serious attacks are distributed, meaning that the attack source is more than one (and often thousands) of unique IP addresses. Many of the cases involve forging of IP sender addresses (IP address spoofing) so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. For these and other reasons, DDoS attacks are typically very effective and difficult to mitigate. oneZero management indicated to LeapRate that the attack against them has been made with a very high level of sophistication, but that the company is working very closely with security contractors and with its clients and expects the situation to be resolved. The attack against oneZero appears to be solely targeting connectivity, and has not at all affected the company’s own systems, so that no company or client data has been compromised. And so far, there has been no attempt to exploit the attack – DDoS hackers often try to blackmail their targets, requiring some sort of ransom to be paid in order to remove the attacks. Source: http://leaprate.com/2015/10/onezero-outages-the-result-of-chinese-ddos-attacks-leaprate-exclusive/

Read this article:
oneZero outages the result of Chinese DDoS attacks