Tag Archives: var-username

Linux botnet observed launching powerful DDoS attacks

Threat actors are leveraging a botnet made up of infected Linux machines to launch powerful distributed denial-of-service (DDoS) attacks against as many as 20 targets per day, according to Akamai’s Security Intelligence Response Team (SIRT). The botnet is composed of Linux machines infected with a stealthy trojan identified in 2014 as “XOR DDoS.” The threat was observed altering its installation depending on the victim’s Linux environment and running a rootkit to avoid detection. According to an advisory published on Tuesday, Akamai’s SIRT has seen DDoS attacks – SYN and DNS floods were the observed attack vectors – that reached anywhere from a few gigabits per second (Gbps) to nearly 179 Gbps. Although the advisory said that 90 percent of targets are located in Asia, Tsvetelin Choranov, security intelligence response engineer with Akamai’s SIRT, told SCMagazine.com in a Tuesday email correspondence that a very small number of attacks have been launched against entities in the U.S. “The target industries confirmed from our standpoint are online gaming and education,” Choranov said, adding, “We don’t have a defined number of systems infected by this malware. Some of the source IPs that we are seeing actively producing malicious traffic have spoofing capabilities.” The advisory noted that evidence suggests the malware is of Asian origin, but Choranov said that Akamai’s SIRT has not heard of anyone claiming responsibility for the DDoS attacks. He added that there is also no known reason for the attacks, such as extortion. Unlike a lot of malware, XOR DDoS is not spreading via exploitation of vulnerabilities. “Rather, it populates via Secure Shell (SSH) services that are susceptible to brute-force attacks due to weak passwords,” the advisory said. “Once login credentials have been acquired, the attackers [use] root privileges to run a Bash shell script that downloads and executes the malicious binary.” The advisory outlines two methods for detecting the malware. “To detect this botnet in your network, you can look for the communications between a bot and its C2, using the Snort rule shown in [the advisory],” the advisory said. “To detect infection of this malware on your hosts you can use the YARA rule [also in the advisory].” XOR DDoS is persistent, meaning it runs processes that will reinstall deleted files. Removing the threat involves identifying malicious files in two directories, identifying the processes responsible for persistence of the main process, killing those processes, and deleting the malicious files. “XOR DDoS malware is part of a wider trend of which companies must be aware: Attackers are targeting poorly configured and unmaintained Linux systems for use in botnets and DDoS campaigns,” the advisory said. Source: http://www.scmagazine.com/linux-botnet-observed-launching-powerful-ddos-attacks/article/441750/

Originally posted here:
Linux botnet observed launching powerful DDoS attacks

New DDoS attack uses smartphone browsers to flood site with 4.5bn requests

Researchers have found that smartphone browsers can deliver a powerful flooding attack. Researchers suspect a mobile advertising network has been used to point hundreds of thousands of smartphone browsers at a website with the aim of knocking it offline. According to distributed denial-of-service protection service CloudFlare, one customer’s site recently came under fire from 4.5 billion page requests during a few hours, mostly from smartphone browsers on Chinese IP addresses. As CloudFlare’s Marek Majkowski notes, browser-based ‘Layer 7? flood attacks have been viewed as a theoretical threat for several years, but haven’t become a reality due to difficulties in efficiently distributing malicious JavaScript to force a large number of browsers to make HTTP requests to a targeted site. Security researchers have previously suggested web ads as an efficient way to distribute malicious JavaScript. Analysing the log files, Majkowski found the smartphone browser attack peaked at over 275,000 HTTP requests per second, with 80 percent coming from mobile devices and 98 percent from a Chinese IP address. The logs also reveal mobile versions of Safari, Chrome, Xiaomi’s MIUI browser, and Tencent’s QQBrowser. “Strings like ‘iThunder’ might indicate the request came from a mobile app. Others like ‘MetaSr’, ‘F1Browser’, ‘QQBrowser’, ‘2345Explorer’, and ‘UCBrowser’ point towards browsers or browser apps popular in China,” Majkowski said. Majkowski speculates that the attack was made possible by an ad network, and believes the reason so many mobile browsers visited the attack page hosting the malicious JavaScript was due to ads shown in iframes, either in mobile apps or mobile browsers. Here’s how the attack works: when a user opens an app or browses the web, they are served an iframe with an ad whose content was requested from an ad network. The ad network then forwards the request to a third-party that successfully bids for that inventory and then forwards the user to an attack page. “The user was served an attack page containing a malicious JavaScript which launched a flood of XHR requests against CloudFlare servers,” explained Majkowski. The attack site itself hosting the malicious JavaScript included instructions to launch an XHR in a loop. Source: http://www.zdnet.com/article/new-ddos-attack-uses-smartphone-browsers-to-flood-site-with-4-5bn-requests/

Hacker Exfocus Blamed For Knocking Rutgers University Offline With DDoS Attack, Even After Expensive Upgrade

Someone is tormenting Rutgers University. The New Jersey school announced Monday it was fending off a distributed denial-of-service attack that crippled its Internet and Wi-Fi access. The latest cyberattack on a major U.S. research institution comes after a number of similar hacks against Rutgers, a school of approximately 65,000 undergraduate students. “We are currently experiencing a denial-of-service event affecting Internet connectivity and Wi-Fi access,” Rutgers said on its Facebook page. “OIT is working to resolve the issue, and we will inform the Rutgers community as soon as we have more information.” The outage also affected Sakai and eCollege, two online learning tools used to administer homework, tests and other communication, according to student complaints on social media. A previous outage limited the school’s ability to accept credit cards. It appears to be the first attack on Rutgers since the university invested $3 million to better protect its computer networks after at least four attacks during the past school year. That upgrade was the primary reason Rutgers raised tuition and fees by 2.3 percent for the 2015-16 school year, NJ.com reported in August, with a hacker known as Exfocus claiming responsibility for the problems. “Honestly, I am sitting here dumbfounded at the amount of incompetence displayed once again by the Rutgers IT department,” Exfocus wrote in a post on Pastebin in April. “I could run circles around all of you with my eyes closed, and one leg amputated.” A DDoS attack occurs when a hacker takes control of thousands (or millions) of computers and aims them at a single server, overwhelming that network with traffic and ultimately knocking it offline. Similar methods have been used by the Chinese government and the Anonymous hacking collective. Exfocus tweeted: “Did you miss me?” before deleting the message Monday. Student chatter on the anonymous Yik Yak social network also said Exfocus had been bragging there, though the most anyone seems to know about Exfocus came in an interview where he said he was being paid in bitcoin by someone with a grudge against the school. “When I stop getting paid — I’ll stop DDoSing lol. I’m hoping that RU will sign on some DDoS mitigation provider. I get paid extra if that happens,” Exfocus told APollonsky.me before being asked if he wished to share anything else with the Rutgers community. “I’m a fan of Taylor Swift.” Source: http://www.ibtimes.com/hacker-exfocus-blamed-knocking-rutgers-university-offline-ddos-attack-even-after-2117247

Anonymous Launches DDoS Attacks Several Saudi Arabian Websites, Brings Focus to a Teen’s Execution #OpNimr

In taking a stand and making a direct protest against the death sentence handed in 2012 to a 17-year old teenager Mohammed al-Nimr, Anonymous has crippled multiple Saudi Arabian government websites. It is a case described as “a possible breach of international law,” by a group of UN human rights experts. Ali Mohammed al-Nimr was arrested and sentenced to death after being accused of partaking in pro-democracy demonstrations during the Arab Spring of 2012. At the time, Nimr was 17. In joining the international outcry against the sentence of execution by beheading and crucifixion, hacktivist group Anonymous has taken down multiple Saudi Government websites with an operation called #OpNimr. The hashtag has since gone viral and adopted by activists around the world. #OpNimr Anonymous announced #OpNimr by inundating government websites with DDoS attacks and taking them offline, along with the following video that demanded the release of Nimr. The statement released on the video said: Ali Mohammed al-Nimr, an innocent young teenage boy has been sentenced to death in Saudi Arabia and we will not stand by and watch. “Hundreds of innocent people die each year because of the Saudi Government, and they (the Saudi Government) will now be punished for their actions,” Anonymous said. Nimr’s final appeal against his execution was dismisbsed by Saudi courts in September 2014 for his part in attending a rally during the Arab Spring. At the time, a Saudi court judgement read: “[Nimr] encouraged pro-democracy protests [using] a Blackberry.” “Naturally, the sentence was appealed but the appeal hearing was held in secret and apparently dismissed,” added Anonymous in their video message. A second video was released by Anonymous days after their first, this time directly addressing King Salman and the Saudi Arabian Government. “13 judges have already approved the death sentence of Ali Mohammed al-Nimr, meaning only King Salman bin Abdulaziz Al Saud has to approve it,” Anonymous said. We cannot and will not allow this to happen. The Ministry of Justice was taken offline a few days ago, and we will continue to do this to other government websites. Some of the websites taken down include: The Ministry of Justice (saudinf.com) The Ministry of Civil Service (mcs.gov.sa) The General Administration of Education (tabukedu.gov.sa) Saudi Airlines (saudiairlines.com) A complete list of the targeted websites has been published by Anonymous in Pastebin, here. “We hope you listen to us this time and release the young man. You will be treated as a virus, and we are the cure,” concluded Anonymous in their statement. Several activist groups and human rights groups including Amnesty International have claimed that Nimr was not granted the means to a lawyer and that he was forced into signing a “confession” after suffering torture by prison officers. At the time, a Saudi court judgement read: [Nimr] encouraged pro-democracy protests [using] a Blackberry. Amnesty International recently released a report that proclaims Saudi Arabia as “one of the most prolific executioners in the world.” Between January 1986 and June 2015, at least 2,200 known people were executed, half of whom were foreign nationals. Executions were carried out for “crimes” such as witchcraft, sorcery and adultery. According to news reports, Saudi Arabia will imminently behead and then crucify Al Nimr, now 20, today or later this week. Source: https://hacked.com/anonymous-attacks-several-saudi-arabian-websites-brings-focus-teens-execution-opnimr/

More:
Anonymous Launches DDoS Attacks Several Saudi Arabian Websites, Brings Focus to a Teen’s Execution #OpNimr

Hackers Used Imgur to Launch DDoS Attacks on 4chan

A Reddit user has uncovered a covert method of carrying DDoS attacks on 4chan’s infrastructure using images hosted on Imgur, via Reddit. According to Reddit user rt4nyp, who discovered the vulnerability, every time an Imgur image was loaded on the /r/4chan sub-reddit, over 500 other images were also loaded in the background, images hosted on 4chan’s CDN. Since traffic on 4chan is quite huge as is, getting some extra connections from Reddit pushed 4chan’s servers over the edge, crashing them several times during the day. Additionally, 8chan, a smaller 4chan spin-off, was also affected and suffered some downtime as well. Malicious code was being loaded with Imgur images Reddit user rt4ny was alerted that something was amiss when he noticed that Imgur images on Reddit were loaded as inlined base64 data. Taking a closer look at the base64 code, he observed that a small piece of JavaScript code was added at the end, which had no business being there. This code secretly stored the “axni” variable in the browser’s localStorage, which was set to load another JavaScript file from “4cdns.org/pm.js.” This is not 4chan’s official CDN, but a domain registered to closely resemble the real deal, which was taken down in the meantime. When refreshing the original image that loaded the “axni” variable, the malicious code would not be loaded again, a measure taken to avoid detection. Additionally, also to avoid detection, the JS file stored on “4cdns.org/pm.js” could not be loaded directly in the browser. Loading 500+ 4chan images inside a hidden iframe Analyzing the pm.js file, rt4ny found that it loaded an iframe outside the user’s view with the help of some clever CSS off-screen positioning tricks, inside which the hundreds of 4chan images were being loaded, along with a 142 KB SWF file. Imgur was contacted about this issue, and fixed it on the same day. “Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur,” said the Imgur team. “From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools.” It’s a sad day for humanity when we see hackers combine the three best sites on the Internet to find cat GIFs into such wicked and immoral ways. Source: http://news.softpedia.com/news/hackers-used-imgur-to-launch-ddos-attacks-on-4chan-492433.shtml

See the original post:
Hackers Used Imgur to Launch DDoS Attacks on 4chan

Prepare a new dossier! Pakistan’s cyber Mujahideen hit India

A month before Pakistan’s ceasefire violation on the eve of Independence Day, a silent battle was raging in Mumbai’s financial district. Two large private banks, a retail brokerage and a state-owned lender faced a cyberattack from hackers across the border that seriously slowed down all online customer transactions. In the world of cybercrime, such attacks, which could be mistaken as normal traffic overload on the Net, are known as ‘distributed denial of service’ or DDoS. Spread across the world, hackers, either sympathetic to lost causes or indulging in the game of extortion, virtually ‘take over’ thousands of computers in diverse destinations before unleashing a DDoS strike. As computers that are hacked into start behaving as robots – or, ‘botnet’ in cyberparlance, the hackers divert traffic from these terminals to clog the systems of targets like banks and even e-commerce firms. A bank that is invaded may be unaware of the attack and even take a while to sense that customers are struggling to put through a simple net banking fund transfer or credit card payment. The July attack On that day in July, it was no different. The financial institutions received advisory on the DDoS attack from the government’s Computer Emergency Response Team (CERT). Also, there were alerts that more attacks could follow over the next few hours, said a cybercrime expert. Speaking to ET on condition of anonymity , one of the senior most officials in the government’s cybersecurity establishment said, “There was an attack but this was effectively countered. Often these things are done with the intention to blackmail … But we have the systems to handle it. There have been finance ministry and RBI instructions to banks for taking necessary measures to protect against DDoS strikes.” According to cybersecurity head in one of the largest Indian banks, since April there have been several advisories from government agencies like CERT and National Critical Information Infrastructure Protection Centre on DDoS. “In a DDoS attack, if a bank can block the bogus traffic diverted by a hacker for the first 15 minutes, then the attacker typically moves away to a weaker target. But if an institution is unable to resist, then the attacker may demand ransom. Rogue hackers in places like Nigeria and East Europe want to be paid in Bitcoin. Since Bitcoin is based on what is known as block-chain technology, fund transfers leave no trail.” Safety measures As precaution, no bank, to begin with, should depend on a single internet service provider (ISP), he said. “Besides, banks are beginning to invest in anti-DDOS high-end appliances. Some are carrying out mock drills to test the technology. Here, a flood of traffic is diverted to banks’ own websites to figure out whether the ISP and banks’ internal cybersecurity teams are adequately alert,” said the banker who refused to be named. Until a hack attack is obvious, companies in India typically keep such incidents under wrap as regulators do not insist on mandatory reporting of security breach. Some of the US-listed Indian entities are even more reticent: Since a cyberattack is rarely disclosed due to fear that it could scare away customers, it becomes more difficult to admit the breach later. In DDoS attack, including the current one, there is no data compromise or cash theft. “The timing of the event suggests that it could be handiwork of some of the Pakistani hackers who may be located in the US and Europe. Typically, they are active before big festivals or in the run up to Independence Day or Republic Day. They have a specific point to prove,” said an ethical hacker, who advises several companies and agencies on cybersecurity . Types of hackers According to him, there are three broad types of hackers, differentiated by motives. First, the financially motivated cybercriminal, who are usually from Eastern Europe and are interested in stealing credit card information, or engage in identity theft etc. They are highly organized, infect thousands of systems across the globe in order to achieve their objectives, and even ‘rent’ access to an infected computer for an hourly fee for conducting DDoS. The second type are hacktivists or politically motivated hackers whose sole interest is in furthering a political agenda by defacing a site, or bringing a site down through DDoS attacks. Pakistani hackers fall in this category . The third and the most serious type are nation state attackers involved in corporate espionage. They gain access to competing companies in order to steal business strategy and intellectual property. Chinese hackers are well-known for this. Source: http://timesofindia.indiatimes.com/tech/tech-news/Prepare-a-new-dossier-Pakistans-cyber-Mujahideen-hit-India/articleshow/48739013.cms?

View post:
Prepare a new dossier! Pakistan’s cyber Mujahideen hit India

DDoS attacks are getting much more powerful and the Pentagon is scrambling for solutions

No wonder the Pentagon has announced it’s working on a plan to fund tools and researchers to help organizations defend themselves against the pervasive threat of cyber assaults known as distributed denial-of-service (DDoS) attacks. In recent days, the agency said it’s looking to fund researchers who can come up with tools as part of a program starting next April that would, among other things, help organizations recover from DDoS attacks in a maximum of 10 seconds. And the acknowledgement of that hunt for researchers for the program, called Extreme DDoS Defense, arguably comes not a moment too soon. A few new industry reports are out that show the number of DDoS attacks is trending upward, even hitting new highs. Their provenance and targets take many forms – from organized, malicious hackers targeting sophisticated organizations to more isolated incidents where, experts say, the intent is to just find a weakness somewhere, anywhere. But the result is a kind of cyber blitz that’s growing in number and aggressiveness. New York Magazine was among those organizations recently hit by a DDoS attack, and at a critical moment. After publishing the blockbuster results of an interview with 35 women who’ve accused Bill Cosby of sexually assaulting them, the magazine’s website was knocked offline by what appeared to be a DDoS attack. Attacks like those, said Incapsula co-founder Marc Gaffan, are not only on the rise but “have essentially been going up for the last two years, quarter over quarter.” His company is a cloud-based application delivery service. According to another cloud services provider, Akamai Technologies, DDoS attacks were up 132% in the second quarter compared to the same period in 2014. During the period between April and June this year, Akamai’s research also found 12 attacks it described as “mega attacks” – which peaked at more than 100 gigabits per second and 50 million packets per second. What’s more, the company said, few organizations are able to mount a strong enough defense to keep attacks like that at bay. “The threat posed by distributed denial of service (DDoS) and web application attacks continues to grow each quarter,” said John Summers, vice president of Akamai’s cloud security business unit. “Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.” Once upon a time, Gaffan said, the attacks were largely the work of hackers looking to make a name for themselves, to make some larger point or to go after a controversial target to inflict some degree of discomfort. “They’re also about extortion and ransom,” Gaffan said. “They can be used to stoke competitive feuds, as well as a diversion for a larger attack. When it comes to extortion, attackers are looking online for businesses who’d suffer significantly if their website is down. Most companies don’t pay the ransom. “Often, we also see ransom numbers so small, they try to make it low enough that it’s a no-brainer for organizations to pay. Companies also hire DDoS gangs to take competitors down. There was one organization that came to us and said, ‘We were attacked.’ Two minutes later, a competitor put on Twitter that they were going out of business, and that’s why their site was down.” Such attacks continue to be a costly problem for the organizations that end up as targets. The Q2 2015 Global DDoS Threat Landscape from Incapsula showed, of network layer DDoS attacks, the longest during the quarter lasted 64 days. A little more than 20% of all attacks lasted over five days. The report based its data on 1,572 network layer and 2,714 application layer DDoS attacks on websites using Incapsula services from March 1st through May 7th. According to the organization’s DDoS Impact Survey, an attack on average costs a business $40,000 per hour. Implications include the loss of consumer trust, data theft, intellectual property loss, and more, according to the report. The report went on to note the longest application layer attack it found lasted for eight straight days. The average duration stretched for just over two and a half hours. And in the second quarter, almost 15% of all application layer DDoS traffic came from China, followed by Vietnam, the U.S., Brazil and Thailand. “What is most disconcerting is that many of these smaller assaults are launched from botnets-for-hire for just tens of dollars a month,” the organization’s threat landscape report reads. “This disproportion between attack cost and damage potential is the driving force behind DDoS intrusions for extortion and vandalism purposes.” Meanwhile, Arbor Networks Inc., a provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, found similar results. Its just-released Q2 2015 global DDoS attack data shows growth in the average size of attacks, with 21 percent of attacks during the quarter topping 1 gigabit per second. “One thing we see a lot of is just probing, just hitting the network as hard as they can to see where it will fall down,” said Gary Sockrider, principal security technologist at Arbor. “Another is where this is used for extortion. Where the business model is ok, now we’ve done this – pay us money.” Sockrider continued, “The lesson to take is this isn’t just a service provider problem. It’s no longer sufficient to leave it to deal with upstream. It’s everybody’s problem. You have to understand that threat, that you are a potential target, and bake that into your business resiliency planning.” Source: http://bgr.com/2015/08/31/ddos-attacks-report-2015-trends/

View post:
DDoS attacks are getting much more powerful and the Pentagon is scrambling for solutions

Six teens arrested in UK for using hacking group’s paid DDoS service

Six teenagers were arrested by British police on suspicion of attacking websites, the country’s National Crime Agency (NCA) announced on Friday. The teenagers were users of the hacking group Lizard Squad and used the Lizard Stresser tool, software that allowed them to pay to take websites offline for up to eight hours at a time, according to an NCA statement. The tool works by using Distributed Denial of Service (DDoS) attacks, which flood web servers or websites with massive amounts of data, leaving them inaccessible to users. Those arrested in the operation coordinated by NCA were all teenage boys aged from 15 to 18, while two other suspected users of Lizard Stresser were arrested earlier this year, the NCA said. The suspects are thought to have maliciously deployed Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous, the NCA also said. Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies, and a number of online retailers, according to the NCA. Lizard Squad became a well-known hacking group last year after it claimed responsibility for taking down the PlayStation Network and Xbox Live. The group later launched the Lizard Stresser tool. “By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” said Tony Adams, head of investigations at the NCA’s National Cyber Crime Unit. Officers are also visiting some 50 addresses linked to individuals registered on the Lizard Stresser website, but who are not currently believed to have carried out attacks. A third of the individuals identified are under the age of 20, according to the NCA. “One of our key priorities is to engage with those on the fringes of cyber criminality to help them understand the consequences of cyber crime, and how they can channel their abilities into productive and lucrative legitimate careers,” said Adams. Source: http://www.globalpost.com/article/6638281/2015/08/28/six-teens-arrested-uk-using-hacking-groups-paid-ddos-service

See the original article here:
Six teens arrested in UK for using hacking group’s paid DDoS service

BitTorrent patches reflective DDoS attack security vulnerability

A vulnerability which could divert traffic to launch cyberattacks has been mitigated two weeks after public disclosure. BitTorrent has taken rapid steps to mitigate a flaw which could divert user traffic to launch reflective DDoS attacks. The flaw, reported by Florian Adamsky at the USENIX conference in Washington, D.C., affects popular BitTorrent clients such as uTorrent, Mainline and Vuze, which were known to be vulnerable to distributed reflective denial-of-service (DRDoS) attacks. According to the researchers from City University London, BitTorrent protocols could be exploited to reflect and amplify traffic from other users within the ecosystem — which could then be harnessed to launch DRDoS attacks powered up to 120 times the size of the original data request. Successful distributed denial-of-service (DDoS) and DRDoS attacks launched against websites flood domains with traffic, often leaving systems unable to cope with the influx and resulting in legitimate traffic being denied access to Web resources. The team said in a paper (.PDF) documenting the vulnerability that BitTorrent protocols Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync (BTSync) are exploitable. On Thursday, Vice President of Communications at BitTorrent Christian Averill said in a blog post no attack using this method has been observed in the wild and as the researchers informed the BitTorrent team of the vulnerability ahead of public disclosure, this has given BitTorrent the opportunity to “mitigate the possibility of such an attack.” Francisco De La Cruz, a software engineer from the uTorrent and BitTorrent team, wrote a detailed analysis of the attack and the steps the company has taken to reduce the risk of this vulnerability. The vulnerability lies within libµTP, a commonly used tool which can detect network congestion and automatically throttle itself — a useful feature when BitTorrent clients are being used on home networks. However, the way libµTP handles incoming connections allows reflectors to accept any acknowledgement number when receiving a data packet, which opens the doorway to traffic abuse. The success of a DRDoS relies on how much traffic an attacker can direct towards a victim, known as the Bandwidth Amplification Factor (BAF). The higher the BAF, the more successful the attack. In order to reduce the BAF ratio and mitigate the security issue, BitTorrent engineers have ensured a unique acknowledgement number is required when a target is receiving traffic. While this can still be guessed, it would be difficult and time-consuming to do so for a wide pool of victims. De La Cruz said: “As of August 4th, 2015 uTorrent, BitTorrent and BitTorrent Sync clients using libµTP will now only transition into a connection state if they receive valid acknowledgments from the connection initiators. This means that any packets falling outside of an allowed window will be dropped by a reflector and will never make it to a victim. Since the mitigation occurs at the libµTP level, other company protocols that can run over libµTP like Message Stream Encryption (MSE) are also serviced by the mitigation.” Regarding BTSync, BitTorrent says the severity of the vulnerability — even before recent updates were applied to the protocol — mitigated the risk of this vulnerability. In order to exploit the security weakness, an attacker would have to know the Sync user, identifiers would have to be made public, and the protocol’s design ensures that peers in a share are limited — keeping the potential attack scale down. According to the BitTorrent executive, the protocol therefore would “not serve as an effective source to mount large-scale attacks.” Averill commented: “This is a serious issue and as with all security issues, we take it very seriously. We thank Florian for his work and will continue to both improve the security of these protocols and share information on these updates through our blog channels and forums.” Source: http://www.zdnet.com/article/bittorrent-patches-reflective-ddos-attack-security-vulnerability/

Read the original post:
BitTorrent patches reflective DDoS attack security vulnerability

DARPA wants to take the sting out of DDoS attacks

While posing a minor inconvenience compared to other more malicious cyberattacks, distributed denial of service attacks post enough of a threat that the Defense Advanced Research Projects Agency nonetheless is looking for innovative approaches to mitigate their effects. The Extreme DDoS Defense (XD3) program is looking to the private sector for “fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches or evolutionary extensions,” according to a recent broad agency announcement. While this BAA does not include detection and mitigation of DDoS-related malware on hosts or networked devices, DARPA listed five technical areas for which contractors can submit responses that focus on lessening the effect of DDoS attacks and improving recovery time. For example, the solicitation seeks proposals to: Devise and demonstrate new architectures that physically and logically disperse these capabilities while retaining (or even exceeding) the performance of traditional centralized approaches. Develop new cyber agility and defensive maneuver techniques that improve resilience against DDoS attacks by overcoming limitations of preconceived maneuver plans that cannot adapt to circumstances and exploring deceptive approaches to establish a false reality for adversaries. Produce a response time of 10 seconds or less from attacks and at least a 90 percent recovery in application performance compared with hosts that do not have XD3 capabilities. DARPA believes XD3 concepts can be leveraged by the military, commercial network service providers, cloud computing and storage service providers and enterprises of all sizes. Given the threat and array of targets DDoS attacks pose, XD3 BAA responses will consider a wide range of network and service contexts, such as enterprise networks, wide?area networks, wireless networks, cloud computing and software-defined networks, to name a few. The response date is Oct. 13, 2015, and the proposers day will be held on Sept. 2, 2015. Source: http://gcn.com/articles/2015/08/26/darpa-xd3-ddos.aspx

See more here:
DARPA wants to take the sting out of DDoS attacks