Tag Archives: var-username

DDoS attacks losing companies business opportunities

Research said organisations fear losing contracts and ongoing business as a consequence Research by Kaspersky has revealed businesses  fear losing clients as a result of DDoS attacks, although the construction industry is more concerned about the cost of eradicating threats. A survey conducted by the security firm in partnership with B2B International revealed 26 per cent of companies  thought the problems caused by such attacks were long-term, meaning they could lose current or prospective clients as a result. 23 per cent said they were concerned a DDoS attack would cause reputational issues, while 19 per cent thought the risk of losing current customers who were not able to access services as a result of an outage was the biggest threat to business . The research revealed that only 37 per cent of the companies surveyed had measures already in place to protect against DDoS attacks. Evgeny Vigovsky, head of Kaspersky DDoS Protection at Kaspersky said: “ People who have not yet faced a particular threat often tend to underestimate it while those who have already experienced it understand which consequences might be the most damaging for them. “However, it makes little sense to wait until the worst happens before acting – this can cost companies a lot, and not only in financial terms. That is why it is important to evaluate all possible risks in advance and take appropriate measures to protect against DDoS attacks.” Of those surveyed, the majority of telecoms, e-commerce, utilities, utilities and industrial companies viewed the loss of business as the main DDoS risk, while construction and engineering verticals explained they were concerned about the cost of implementing  backup systems most. Source: http://www.itpro.co.uk/security/24245/ddos-attacks-losing-companies-business-opportunities

More here:
DDoS attacks losing companies business opportunities

Anonymous to BBC: Bring back Clarkson, threatens DDoS attack

The recent story involving our favorite power-mad petrol head Jeremy Clarkson’s suspension from the BBC has us all on the edge of our seats, as this latest controversy not only puts his future on Top Gear on shaky ground, but jeopardizes the show’s future in general. Many people have shown him support, from an online petition to British Prime Minister David Cameron saying he’s a fan. Clarkson’s got friends in high places, it seems, but according to a report, he’s got friends in low places, too. To recap how this all started, Clarkson allegedly threw a punch at a Top Gear producer during a “fracas” over not being served the dinner he wanted after a long day’s shoot. This has resulted in his suspension from the BBC along with the final three episodes of the show postponed indefinitely. Among the buzz of supporters, The Mirror is reporting that the activist group Anonymous has threatened the BBC with a DDoS attack if Clarkson isn’t reinstated. This kind of internet attack overwhelms a website with traffic requests, effectively shutting it down. The report claims that an open letter to the BBC made these claims, branding the hacker mission as #OpBringBackClarkson saying “You don’t wanna piss off 300 million people…” and “BBC you are warned… DDOS cannons will fire if you don’t comply.” Sounds like Ol’ Clarkson has the might of internet justice behind him, doesn’t it? A closer look tells a slightly different story. First off, there’s hardly an official source for a group called Anonymous for the obvious reasons, so its hard to peg for sure when someone is speaking on the organization’s behalf. Usually, associated twitter accounts like @YourAnonNews, which has over a million followers, indicate what’s trending amongst the cabal, and #OpBringBackClarkson really isn’t up there. Like, at all. As of this writing, eleven people have used the hashtag on twitter. Eleven. Looking at many of the Anonymous-branded twitter accounts and websites reveal that their uproar is more focused on things like the recent Ferguson protests and other serious issues of violence across the globe. Nobody is really talking about their favorite car show host. The Mirror’s article posts what seems to be the one Anonymous-related twitter post regarding the incident, but its handful of followers and tweets, in comparison to sources like @AnonyOps make it seem like an Anonymous fan rather than the voice of a movement. Surely then, this “open letter” would have more information? It might if you can find it. For all this talk of an open letter, any searches and stories posted simply refer back to the original Mirror article, with no links going to the BBC-directed open letter. In fact, after searching for hours, the only way we found it was to tweet the author of the post himself, who shared with us this link: http://pastebin.com/Kau1eP6N The letter doesn’t say much else beyond what we quoted above, save for linking to the Change.org petition and the recanting of Anonymous “we are legion” maxim. Pastebin is a great way to anonymously post text, but it doesn’t really work as an open letter forum unless you get the word out, and none of the Anonymous people are doing that, just The Mirror. We’re wondering if the BBC has even seen this. Again, the tricky thing about dealing with a group called Anonymous is, well, they’re anonymous. We’re not suggesting that this threat is false, but the evidence indicating that it might be is sketchy at best. Source: http://www.digitaltrends.com/cars/anonymous-to-ddos-attack-the-bbc-site-over-clarkson/

Continued here:
Anonymous to BBC: Bring back Clarkson, threatens DDoS attack

Bitcoin Mining Pools Targeted in Wave of DDOS Attacks

AntPool, BW.com , NiceHash, CKPool and GHash.io are among a number of bitcoin mining pools and operations that have been hit by distributed denial-of-service (DDoS) attacks in recent days. The incidents appear to have begun in the first week of March. For example, on 11th March, AntPool owner Bitmain sent an email to customers disclosing the DDoS attacks and advising external pool users to set up failsafe pools in the event of an outage. According to many of the companies affected by the incidents, those behind the attacks demanded payment in bitcoin in return for stopping the attacks. BW.com alerted customers via its official blog to possible service disruptions owing to oattacks, but did not say whether or not a ransom notice had been sent. Other pools took to Bitcoin Talk to warn users about the DDOS attacks. GHash.io operator CEX.io suggested that affected pools are seeing escalating DDoS threats, and said that the source of recent attacks on its pool came with increasing ransom demands. A spokesperson for CEX.io told CoinDesk: “The attack has been conducted by a hacker who has already DDoSed CEX.IO in October, 2014. Previously, he demanded 2 BTC for stopping the attack. This time, the payment has been raised to 5 to 10 BTC.” At least one other mining pool, NiceHash, also reported sustained DDOS attacks last fall. The alleged source of the DDOS attacks, operating under the name DD4BC, is believed to be behind a number of attacks on digital currency websites and services in the past year. Incidents tied to DD4BC include an attack last year on the digital currency exchange Bitalo that resulted in the posting of a 100 BTC bounty. Following the recent DDOS threats, Bitmain contributed an additional to the bounty. Disruptions likely to continue Affected pools say they have moved to boost in-house defense mechanisms in light of the attacks, but some have warned that future outages may likely occur. Bitmain said that its other services, including the cloud mining platform HashNest, may also be affected in the coming days. Operators that responded to press queries say they have refused to pay the ransoms and will continue keeping their pools open despite the risk of future DDoS attacks. Some of the pools have conceded that resolving the situation will be difficult owing to the capabilities believed to be possessed by the source of the attacks. Bitmain’s Yoshi Goto noted that the attacks appear to be systematic and acknowledged that it remains unclear when the situation will be completely resolved. “It is a cat and mouse game now but we will do our best,” he said. CoinDesk will continue monitoring the developments and post updates as they become available.  Source: http://www.coindesk.com/bitcoin-mining-pools-ddos-attacks/

See more here:
Bitcoin Mining Pools Targeted in Wave of DDOS Attacks

DDoS attack targets Femsplain on International Women’s Day

Feminist blog Femsplain was taken offline earlier today by a distributed denial of service (DDoS) attack, according to the site’s founder, Amber Gordon. She tells The Verge that the site was offline for roughly three hours before service returned intermittently late Sunday afternoon on the East Coast. The timing seems far from random: today is International Women’s Day. In a tweet, Gordon — best known online as @missambear — shared a screenshot showing the massive influx of traffic from the DDoS attack. Such attacks overwhelm the servers that host websites with a avalanche of requests. According to Gordon, these sorts of attacks are not rare. “We constantly have people attacking us and attempting to bring our website down. It’s unfortunate but the reality of our mission.” She added in comments to The Verge that prior attacks are “never to this severity and I think it’s because it’s International Women’s Day.” Social media accounts taking credit for the attack used the hashtag #internationalwomensday, suggesting the harassment is tied to today’s date. The blog started up late last year as a place for women to discuss topics from online harassment to Gamergate. It has a group of female contributors who publish stories to the site. It also shares reader submissions. Gordon says that “our community is so vocal about supporting us that tons of people were sending messages out on social media to raise awareness that this was happening.” She added, “unfortunately it happened on a day that’s meant to celebrate women.” Source: http://www.theverge.com/2015/3/8/8171269/ddos-attack-targets-femsplain-on-international-womens-day

Excerpt from:
DDoS attack targets Femsplain on International Women’s Day

Sony, Microsoft, and Nintendo Are Working Together to Stop DDoS Attacks

We may all have different gaming preferences, but we can probably all agree that DDoS attacks suck. Whether it’s the PlayStation Network or Xbox Live that goes down, seeing services get targeted by code junkies for their own selfish entertainment is never nice; at the end of the day, we all just want to enjoy our games – regardless of which platform we’re playing on. We’re pleased to learn that Sony, Microsoft, and Nintendo are all in constant communication about how to mitigate the impact of these irritating attacks, then. “I don’t think that it’s great when the PSN goes down,” Xbox chief Phil Spencer told Game Informer magazine. “It doesn’t help me. All it does is put the fear and distrust from any gamer that’s out there, so I look at all of us together as this is our collective opportunity to share what we can about what we’re learning and how things are growing. Those conversations happen, which I think is great.” Slightly muddled sentences aside, we really like what Spencer’s saying here: DDoS attacks are incredibly difficult to defend against, so maybe it’s going to take all three companies working together to prevent them from causing so much damage. There hasn’t been a problem on the PSN for a few months now, so hopefully a few corners have been turned behind closed doors. Source: http://www.pushsquare.com/news/2015/03/sony_microsoft_and_nintendo_are_working_together_to_stop_ddos_attacks

Read the article:
Sony, Microsoft, and Nintendo Are Working Together to Stop DDoS Attacks

China online gambling bust; Korean site orders DDoS attacks on competitor

Authorities in China have broken up an international online gambling operation based in Hunan province. China’s official press agency Xinhua quoted Chinese police saying they’d detained 19 individuals following a two-month investigation. A further eight individuals have been targeted for arrest over their roles in the operation of the Shenbo Sun City website, whose servers were based outside the country. Police said the operation earned a profit of RMB 1.4b (US $$223m) between May 2013 and Oct 2014. Police have frozen approximately 1,000 bank accounts across China containing around RMB 200m. This marks China’s second major bust of 2015, having taken down a similarly large operation in Shandong province in January. Over in South Korea , authorities have arrested two ‘cyber security experts’ accused of targeting an online gambling site with distributed denial of service (DDOS) attacks. Intriguingly, the hackers were hired by another illegal online gambling operator intent on eliminating his competition. The Korea Times quoted the National Police Agency saying a man named Yang, the owner of an online security company, was paid a hefty KRW 1b (US $911k) since May 2014 to target the online gambling operator’s competitor on multiple occasions. Neither site operator was publicly identified by police. On Sept. 25, Yang reportedly hacked into 12k computers and commanded them to spam the targeted site with messages in order to crash its servers. Yang told police he’d agreed to don the black hat because his legal sources of income were “unstable.” Police are continuing to investigate to determine what other DDOS attacks Yang and his henchman might have launched. Source: http://calvinayre.com/2015/03/03/business/korean-gambling-site-ddos-attack-on-competitor/

Continue reading here:
China online gambling bust; Korean site orders DDoS attacks on competitor

DDoS Exploit Targets Open Source Rejetto HFS

Apparently no vulnerability is too small, no application too obscure, to escape a hacker’s notice. A honeypot run by Trustwave’s SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server (Rejetto HFS). Someone was trying to exploit a vulnerability—which has since been patched—and install the well-known distributed denial-of-service tool IptabLes (unrelated to the Linux tool), also known as IptabLex. Rejetto HFS has been downloaded more than 24,000 times in the last seven days and according to the project’s website has an estimated 12,500 users and is used as a file-sharing application as well as a webserver. It also runs on Wine, the Windows emulator for Linux systems. “This is just one snapshot, one request. This is one example to extrapolate and take a higher level view; there’s likely a lot more activity out there,” said Ryan Barnett, SpiderLabs lead researcher. It’s likely the attackers have simply incorporated this exploit into a larger attack platform, Barnett said. “That’s the value of honeypots, spotting automated tools scanning the Internet shot-gunning exploits, and hoping it works,” Barnett said. The exploit, sent from a possible compromised IP address in China, was targeting CVE-2014-6287, a remote code execution bug in Rejetto. Specifically, the vulnerability affects Rejetto versions prior to 2.3c; the vulnerability is in the findMacroMarker function. Barnett said the exploit relies on a null byte character to trigger the attack code, which is written in Microsoft VBScript. Once the exploit executes, it tries to connect to a pair of IP addresses hosted in Paris (123[.]108.109.100 and 178[.]33.196.164) on three ports: 80 (HTTP); 53 (DNS); and 443 (HTTPS). Barnett said only 178[.]33.196.164 remains online and is a malware repository responding to XML HTTP Requests (XHR) from the exploit. The exploit tries to infect Rejetto users with the IptabLes DDoS tool. via @Threatpost Tweet A file called getsetup.exe is sent to the compromised server along with another executable, ko.exe, which drops IptabLes. Barnett said detection rates are high for the hash of getsetup.exe. IptabLes is a troublesome DDoS tool, capable of synflood and DNSflood attacks. It installs itself into boot for persistence, according to the SpiderLabs research, which added that IptabLes has been widely reported targeting Linux and Unix servers. The vulnerability being targeted was submitted last September. “It’s not very sophisticated, and a lot of times these types of attacks don’t have to be,” Barnett said. “These guys are concerned with scale because they’re running botnets. What makes botnets so nice to the criminals running them is that they don’t care to be stealthy. They can send attacks blindly, and if they’re shut down, they just move on.” Source: http://threatpost.com/ddos-exploit-targets-open-source-rejetto-hfs/111286

Originally posted here:
DDoS Exploit Targets Open Source Rejetto HFS

New York City hit with DDoS attacks, government email service knocked out

Unknown hackers knock out New York City governments email system For whole of last week and uptil Monday, unknown hackers had knocked of New York City government’s emailing system. The attack was pretty ferocious according to a City Hall source who said that the “universal” denial of service attack had now been contained but there was still “ongoing malicious activity” as recently as Monday. Almost all government agencies in New York City were unable to send or receive messages for the past week due to this attack. Some agencies such as the Department of Transportation set up temporary Gmail accounts to send and receive emails. Sources said that inbound and outbound emails were affected while intra-agency emails were not affected by the attack Speaking about the DDoS attack, Jackie Albano, a spokeswoman for the city’s Department of Information Technology and Telecommunications, said that the attack which started last Tuesday, had been resolved last week. He  also added that the efforts taken to mitigate the attack may have slowed the email servers resulting in slowed emails. It is not known whether New York City government websites were under DDoS attack or were hacked because Albano added that no sensitive information or data was compromised during the attack. He however said that this was a “big attack” but downplayed its impact on New York City government services. “It is a big deal but….it’s like a lot of mosquitoes buzzing around you,” said Albano. “The nature of the attack is only designed to interfere with service, not to steal or access any private information. It’s designed to slow down email. On the scale of cyber incidences it’s kind of low.” Albano said that MSISAC, New York Police Department and FBI were all investigating the incident and it is still not clear who initiated the attack of why. Source: http://www.techworm.net/2015/02/new-york-city-hit-with-ddos-attacks-government-email-service-knocked-out.html

More here:
New York City hit with DDoS attacks, government email service knocked out

Hackers create tool that DDoS attacks on telephone lines

There are only the sites and services Internet which are subject to known denial of service attacks – common phones, whether mobile or not, are also subject to suffering such blows. That’s what the site revealed The Register that, on Monday (23), brought the story of TNT Instant Up, a device created by hackers Eastern Europe just facing this purpose. Sold on the Internet by values ??ranging between $ 500 and $ 1,200, the equipment uses an interconnected system of SIM cards and modems to bomb one or more numbers linked. Calls are empty and only serve to clog the lines, preventing legitimate users are able to access them The idea here is basically the same as any attack DDoS :. Prevent the use services. But, here, they are not removed from the air, but only end up congested and unusable for the duration of the attacks. The practice is being called TDOs, short for Telephone Denial of Service , or denial of telephone service. The problem is that in the new modality, the results would be much more dangerous . While most of the scams of this type cause financial losses to affected companies and inconvenience to its users, it TDOs would be able to, for example, block emergency services. Furthermore, the TNT Instant up would be simple enough to literally anyone could use it. In a demonstration video freely available on YouTube, one of tool vendors shows up with various cell at the same time, with numbers that are entered from a running software on a computer. Trading in the “merchant” happens ICQ or email and the product is sent by mail as any conventional electronic. The FBI would have identified at least two circumstances in which a device such as TNT Instant Up was used to prevent user access to health service plan or emergency lines. Nevertheless, did not identify crimes that were being made in relation to the attack and that would justify blocking the line and trying to prevent citizens to contact the police, for example. According to the information of IntelCrawler , a provider of systems and security solutions, as well as in denial of service attacks on the web, there are ways to protect against this new type of coup, unless, of course, disconnect the line to phone stops ringing nonstop. An alternative that simply does not exist for emergency services, especially now become more of a tool target that can be used by anyone, whatever her intent. Source: http://www.unlockpwd.com/hackers-create-tool-that-ddos-attacks-on-telephone-lines/

Originally posted here:
Hackers create tool that DDoS attacks on telephone lines

Komodia Website Under DDoS Attack

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say it’s not DDoS but a high volume of visitors, at the logs it showed [thousands] of connections from repeating IPs,” the notice said. The attack may be an outcome of last week’s disclosure that Superfish, pre-installed on new Lenovo laptops between September 2014 and this January, put users’ sensitive transactions at risk to man-in-the-middle attacks. Komodia’s SSL Digester, a self-proclaimed “SSL hijacker SDK,” is used by Superfish, which analyzes images on a website and serves up ads for products similar to the respective images. Komodia decrypts SSL traffic and does so without triggering a browser-based certificate warning. This enables Superfish, which uses the library, to sit in a man-in-the-middle position and see all traffic leaving the machine beyond online advertisements, putting banking, email and other private transactions at risk. Late last week, researchers uncovered that the Komodia library installs a self-signed root certificate. That same cert, protected by the same password, was shipped on all Lenovo machines. Researcher Rob Graham of Errata Security cracked that password late last week and published details. Attackers can use that information to read traffic that’s supposed to be protected, carrying out a man-in-the-middle attack. Shortly thereafter, researchers with Facebook’s Security Team reported that it had discovered more than a dozen other software applications using the Komodia library in question, along with a list of certificate issuers. That list includes: CartCrunch Israel LTD WiredTools LTD Say Media Group LTD Over the Rainbow Tech System Alerts ArcadeGiant Objectify Media Inc Catalytix Web Services OptimizerMonitor “Initial open source research of these applications reveals a lot of adware forum posts and complaints from people. All of these applications can be found in VirusTotal and other online virus databases with their associated Komodia DLL’s,” said Matt Richard, threats researcher at Facebook. “We can’t say for certain what the intentions of these applications are, but none appear to explain why they intercept SSL traffic or what they do with data.” Richard said the list represents certs on more than 1,000 systems on applications including games, popup generators, or behavior such as Superfish’s. “What all of these applications have in common is that they make people less secure through their use of an easily obtained root CA, they provide little information about the risks of the technology, and in some cases they are difficult to remove,” said Richard, adding that the SSL proxies aren’t likely to adopt advanced protections such as certificate pinning or forward secrecy. “Some of these deficiencies can be detected by anti-virus products as malware or adware, though from our research, detection successes are sporadic,” Richard said. Facebook said that the installer for the root CA includes a number of attributes that make it easy to detect, adding that most are designed to work with newer versions of Windows and won’t install on older versions. Source: https://threatpost.com/komodia-website-under-ddos-attack/111195

Read the original:
Komodia Website Under DDoS Attack