Tag Archives: var-username

Fort Lauderdale Website Under DDoS Attack Again

The City of Fort Lauderdale announced Wednesday that it may have to disconnect its Internet service at different points due to another attempt at a denial of service attack on the city’s website. Fort Lauderdale recently saw its home page and the website for Mayor Jack Seiler both go through denial of service attacks at the hands of Anonymous. The hacker collective launched the DDoS attack to try to change the homeless feeding ordinance and other city rules. The Anonymous DDoS attack lasted for several hours during the first attack which kept the home page inaccessible for several hours. The city said Wednesday that it is working with its Internet Service Provider to mitigate risk and safeguard the system. However, the city said there may be service interruptions and intermittent website performance due to the possible new attack. Source: http://www.nbcmiami.com/news/local/Fort-Lauderdale-Website-Under-Attack-Again-284672121.html

Read the original post:
Fort Lauderdale Website Under DDoS Attack Again

Summary of DDoS Attacks this Holiday Season

A number of high-profile distributed denial-of-service (DDoS) attacks have taken place over the past few days, and it is expected that more will occur as we draw closer to the holidays. The attacks began early last week when a hacker who is associated with Anonymous orchestrated a DDoS attack against the websites for the Supreme Court of Canada and the Ottawa Police Forces. The DDoS attack was preceded by a hack against the City of Ottawa, during which the attacker replaced the website’s homepage with an image of a dancing banana. According to the hacker who has claimed responsibility for the attacks, the DDoS campaign was meant to respond to the arrest of a teen that had allegedly made more than 30 emergency 9-1-1 calls across North America. The hacker believes the teen was framed and is trying to help him clear his name. Following a busy Thanksgiving weekend, which included the Sony breach, Cyber Monday saw a DDoS attack against DNSimple, a domain management provider. The attack, which lasted approximately 12 hours, sustained traffic of up to 25Gbps and about 50 million packets per second sent to DNSimple’s servers. Finally, a DDoS attack launched on Tuesday by Lizard Squad, a group well known for this type of attack, succeeded in bringing down the servers at Blizzard Entertainment, a gaming enterprise known for the popular World of Warcraft computer game franchise. Just a day earlier, Lizard Squad had succeeded in using a DDoS campaign to bring down Xbox Live, much to the frustration of shoppers who had purchased the gaming console on Cyber Monday. The attacks on the Canadian government websites, DNSimple, and Blizzard Entertainment suggest that high-volume DDoS attacks are on the rise. In fact, Verisign, a Virginia-based security firm, has been tracking this trend throughout the third quarter. Over the course of its investigation, it has noted an increase of as much as 60 percent quarter-on-quarter in 2014 for some companies. Researchers at Verisign recommend that companies invest in advanced DDoS protection solutions. This is especially true as we approach the holidays, for this type of attack spikes around this time of year. And with Lizard Squad preparing for additional DDoS attacks, their advice could not be more perfectly timed. It looks like it’s going to be a busy holiday season. Source: http://www.tripwire.com/state-of-security/top-security-stories/ddos-attacks-ramp-up-for-the-holidays/

See the article here:
Summary of DDoS Attacks this Holiday Season

The Conversation hit by DDoS Attack

Academia-meets-journalism website the Conversation was hit by a denial of service hacker attack this morning, preventing it from posting new articles or sending its daily email for around eight hours. The cyber attack was targeted at the site’s domain name server DNSimple and affected hundreds of sites across the world. It is believed to be related to the Cyber Monday sales which were going on in the US and UK at the time. In a note in today’s newsletter, sent at 2pm as opposed to the regular 6am, managing editor Misha Ketchell wrote: “Apologies for the long delay in sending today’s newsletter. Our website has been down since shortly after 6am thanks to a “denial of service” attack on our domain name server, DNSimple. “If that’s got you scratching your head, you’re not alone. A denial of service attack is easy enough to understand: it’s where malevolent hackers inundate a server with so many requests it ceases to function. “What’s confounding is why anyone would do something so pointless. In this case we think we’ve been caught up in a targeted attack to coincide with the Cyber Monday sales events in the US, as David Glance explains here. “For now the worst appears to be over and we are working on ways to ensure it doesn’t happen again. Thanks for your patience.” DNSimple is still currently experiencing issues across some of its domains due to the attacks, which are explained in more detail in a piece on The Conversation. Source: http://mumbrella.com.au/conversation-hit-denial-service-hackers-morning-265908

Link:
The Conversation hit by DDoS Attack

Google reels under DDoS attack

Google, it seems, has the eye of Sauron upon it. About 10:30 am IST, all of the monolith’s services went offline, including Gmail and the all important Google search engine. Since then, services have been restored one at a time. Google search and Gmail were resurrected around 11:20 am. while Google Drive and Gmail Chat only made their way back around 11:42 am. Panic was rampant on Twitter, as more and more people discovered they couldn’t log on, but it seems to be settling down now. So why was #GoogleDown? Well according to Digital Attack Map, ironically also a Google property, points to a possible DDoS attack on Google’s servers. A Distributed Denial of Service (DDoS) attack is when a malicious group uses multiple systems to bombard a server with unnecessary traffic, in an attempt to make it crash. No credit taken by any hacker group and no comment yet from Google, as of this time. Source: http://www.dnaindia.com/scitech/report-google-reels-under-ddos-attack-2040211

More here:
Google reels under DDoS attack

DDoS attack takes down X-Box Live, FBI warns businesses of new hacking threats

Cyber Monday appears to be a good time for cyber attacks. A group calling itself Lizard Squad said it has taken down Xbox Live. The outage started Monday night and has gamers complaining that they can’t access their systems. The group posted a message to Twitter Monday evening: Cyber Monday appears to be a good time for cyber attacks. A group calling itself Lizard Squad said it has taken down Xbox Live. The outage started Monday night and has gamers complaining that they can’t access their systems. The group posted a message to Twitter Monday evening: The group appears to have launched a DDOS (distributed denial-of-service attack), a fairly common way to take a site offline. Gaming sites said the Lizard Squad has been attacking gaming services for several months, including Play Station, Destiny and several EA games. The group made similar threats to bring the sites down at Christmas. Meanwhile, the FBI is warning businesses that hackers are using malicious software to launch a series of attacks on the U.S. Over the weekend, Sony Pictures Entertainment was hacked, resulting in five films, including the company’s new version of “Annie” being leaked online. The FBI sent out a confidential five-page memo to businesses Monday warning of the possibility of similar attacks, CNBC reported. The Sony attack is believed to have come from North Korea, which had threatened retribution for an upcoming film about its leader Kim John-un. North Korea has complainedthe film, “The Interview” – which includes a plot to assassinate the leader – was state-sponsored “terrorism.” North Korea has appealed to the United Nations to stop distribution of the film. The FBI is investigating the attack. Source: http://www.al.com/news/index.ssf/2014/12/ddos_attack_takes_down_x-box_l.html

SK Internet down after DDoS Attack

SK Broadband, one of the largest providers of broadband Internet access in Korea, was attacked by the Distributed Denial-of-Service (DDoS) over the weekend, disconnecting its Internet services for about an hour. DDoS is a kind of cyberattack in which multiple compromised systems are used to target a single network or a machine and make it unavailable to users. On Saturday at 10:55 a.m., the traffic on SK Broadband’s DNS server soared up to 15 million packets per second (PPS), from its usual average of about 1 million PPS. PPS refers to the number of database transactions performed per second. The Ministry of Science, ICT and Future Planning said it blocked the cyberattack on SK Broadband and a smaller attack on LG U+ with the help of the Korea Internet Security Agency (KISA) and was able to normalize the service in 70 minutes. SK Broadband users near Seocho and Dongjak distrcts in southern Seoul were without Internet from 10:55 a.m. until 12:05 p.m. on Saturday. There was also a mild attack on LG U+, the nation’s third-largest mobile carrier, but it did not have a noticeable effect on the carrier or its users, according to the ministry. The investigative team at the Science Ministry has confirmed 1,030 Internet Protocol addresses used in the DDoS attack and is analyzing the SK’s DNS server log. SK Broadband said it is planning to collect and analyze the malware codes used in the attack after it identified zombie PCs among the users. “It’s not the first time that a mobile carrier has been attacked by DDoS. We are investigating where the attack came from and the exact causes,” said Lim Young-seok, a manager at SK Broadband. “It could take a month, as in the case of previous cyberattacks on banks.” However, information security companies suggested that the DDoS attack on the mobile carrier and the Internet service provider could be a prelude to a larger cyberattack. Increased malware activity was recorded ahead of massive cyberattacks on three Korean television stations and a bank on March 20 and a June 25 attack on the Blue House website. Bitscan, a local securities company, warned that malicious links are at their most active point this year. “As malwares hover between wired and wireless networks, PCs and mobile devices that are vulnerable to cyberattacks will likely see huge damages,” said a spokesman for Bitscan. Source: http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=2997940

Continue reading here:
SK Internet down after DDoS Attack

Oh Oh Oh, Tis the season for DDoS attacks

It’s that time of the year where some websites become extremely high valued targets. It happens every year around this time, this year has proven to be no exception. DOSarrest have seen in the past where some online merchants were completely devastated by DDoS attacks that can sometimes force them out of business. These unlucky merchants were down due to attacks that lasted for several days and all of their customers had made their urgent Christmas purchases on other sites. These are lost sales that will never return and to make things worse, the online merchant gets stuck with excess inventory that they can’t sell. Why does this happen at this time of the year ? The answer is simple its most likely your competition. What better way to punish your competitor, then to shut their doors during the busiest shopping time of the year. The importance of DDoS protection can save your business. You can’t afford it ? Think of the alternative, being down for 24-48 hours sometime between November 27 to December 15th. Could your business survive this ? These are all questions to ask yourself. Approximately 30% of DOSarrests’ customers use the service as a back-up, should they experience a DDoS attack they use the service, when there is no attack they run directly off of their own server(s). Today one of their customers had an attack and contacted DOSarrest letting us know they needed help. Everything was already setup on DOSarrests’ side, fully customized and previously tested for them. Their 24/7 support team guided them through the steps to take and the customer was down for only 45 minutes. 45 minutes is a lot but it could of been 6 hours or longer if they didn’t have something already setup in advance. This particular customer already had a plan in place, he knew what he had to do and what not to do and was thrilled to not suffer some protracted outage. Some of the higher end online merchants will be ringing up $400,000/day in sales at this time of the year. Down or crippled for 6 hours would really hurt. Ask Santa for a DDoS protection plan this Holiday season, just in case the Grinch visits. Mark Teolis General Manager for DOSarrest Internet Security.

Originally posted here:
Oh Oh Oh, Tis the season for DDoS attacks

What Can DDoS Attacks Mean for Black Friday and Cyber Monday?

This weekend’s huge number of online shoppers could result in an influx of cyber crime. Two experts discuss how DDoS attacks can affect retailers and how marketers can prevent them. Online shopping is at an all-time high, with retailers expected to rake in more than $6.5 billion in revenue this weekend, the busiest of the year. But with all those people shopping, it’ll also be a busy weekend for the people who administer distributed denial-of-service (DDoS) attacks. “You can almost think of [DDoS attackers] as pirates,” explains Lisa Joy Rosner, chief marketing officer at Neustar, an information services and analytics company headquartered outside Washington. “What they do is they create this fake overload on your system and stuff all this fake traffic on your site.” Whether DDoS attacks are designed to get a ransom from site owners (“pay up and we’ll stop”) or create a diversion, allowing hackers to sneak in and install data-stealing malware while the attention is on the attack, they rose 71 percent from 2012 to 2013, according to Neustar’s annual impact report. More than 40 percent of the study’s respondents report losses of at least $1 million per day while their sites were slowed down. DDoS attacks don’t only hurt brands financially. It only takes a quarter of a second to lose a customer and not much longer for people to flood the call centers. Unable to handle the volume of customer complaints, companies experience decreased brand confidence as a result. “When marketers make checklists of how to make it through the holidays, they have to think about everything, including the safety of the site and the contribution that makes to the customer experience,” says Rosner, who referred to DDoS attacks as digital armed robbery. Though 95 percent of companies have some form of DDoS protection, it’s not necessarily the right kind. Firewalls, routers, and intrusion prevention systems aren’t designed for attacks, and can ultimately accelerate outages by bottlenecking traffic. “Every connection, whether legitimate or not, will utilize a link in their cable, using memory in the firewall,” says Frank Ip, vice president of marketing and business development at Black Lotus, a San Francisco DDoS-mitigation service. “That eventually overwhelms the stability, so firewall is not a solution.” Ip says that botnets, or compromised Internet connections, are especially prevalent in India, Indonesia, and Vietnam, countries with huge populations of young mobile users who predominantly use Androids, which are more easily corruptible than iOS. Mobile users are more susceptible to unwittingly committing cybercrime because of free Wi-Fi that lacks encryption, though Ip points out that large retailers are generally too savvy for their websites to be similarly unprotected. “It’s the same protocol,” Rosner agrees. “They’re designed to go across devices, whether it’s a laptop or an iPhone or an iPad or Android or what have you. The same security is embedded across all different types of channels.” For marketers to protect their websites, it can be as simple as having equipment to deal with an attack or working with a third-party mitigator who does. Rosner says that it’s important to have an early-warning system to detect anomalies, such as a sudden influx of traffic from another country. Ip adds, “If you compare the intangible losses – customer goodwill, brand equity – it will be a small amount of money to put some preventative resources in place.” Source: http://www.clickz.com/clickz/news/2383707/what-can-ddos-attacks-mean-for-black-friday-and-cyber-monday

See more here:
What Can DDoS Attacks Mean for Black Friday and Cyber Monday?

Sony Pictures Entertainment Disabled by Cyber Attack

The company’s corporate networks and email were taken offline following the attack. Variety reports that all Sony Pictures Entertainment employees were advised on Monday, November 24, 2014, not to connect to corporate email or corporate networks following a breach by hackers calling themselves “Guardians of Peace,” or #GOP. Deadline.com reports that Sony Pictures’ computers were still down worldwide as of the following day, November 25, 2014. According to The Verge, company computers were defaced with a message stating, “Hacked By #GOP.” “Warning: We’ve already warned you, and this is just a beginning,” the message adds. “We continue till our request be met. We’ve obtained all your internal data including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world.” Below the message was a list of five links to zip files allegedly containing stolen data. A Reddit post examining the zip files reports that they contain several files named “private key,” along with Excel files named “passwords” and PDF files named “Diaz, Cameron – Passport.pdf” and “Angelina Jolie passport.pdf.” Another poster found what appears to be weekly Excel files backups of a 1Password database. In an email sent to The Verge, a GOP hacker claimed they were assisted by insiders at Sony, stating, “Sony doesn’t lock their doors, physically, so we worked with other staff with similar interests to get in,” the hacker added. HyTrust vice president Michele Borovac told eSecurity Planet by email that this appears to be yet another example of a massive insider breach. “While it’s possible that the statements made by the attacker are just bluster, the reality is that privileged user credentials can give a hacker the keys to the kingdom,” she said. “Organizations must take steps to gain control and maintain visibility over these administrative ‘super user’ accounts if they want to prevent — or at least contain — these types of attacks,” Borovac added. A Courion survey recently found that IT managers are overconfident about their ability to prevent insider breaches, while a SpectorSoft survey found that 61 percent of IT professionals say they’re unable to deter insider threats. A recent eSecurity Planet article offered advice on how to defend against such threats. Incapsula security researcher Ofer Gayer told eSecurity Planet that the Sony attack is a hard blow for the company, particularly coming so soon after Sony’s networks were taken offline by a DDoS attack in August 2014. “As we’ve seen, these attacks can have a devastating effect on a company, its employees and its clients,” Gayer said. “Releasing private data (dubbed ‘d0xing’ in internet slang) or losing it all completely takes a dangerous step forward from plain old data theft, and as these types of attacks gain popularity, CISOs will be under heavier pressure to prevent them.” Source: http://www.esecurityplanet.com/network-security/sony-pictures-entertainment-disabled-by-cyber-attack.html

More:
Sony Pictures Entertainment Disabled by Cyber Attack

Cleveland city website shutdown due to DDoS Attack

In retaliation for the police killing of a twelve-year-old boy in Cleveland and the fact that the names of the Police officers who shot him have not been released yet, the hacker group Anonymous claimed responsibility for shutting down the Cleveland city website early on Monday, reports VICE News. Anonymous is a loosely associated international network of activist and hacktivist entities. Anonymous is made up of individuals who hack into computer systems without permission and take data such as communications records, names, addresses, phone numbers, and credit cards. The group has become known for a series of well-publicized publicity stunts and distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites. The hacker group claimed responsibility for shutting down the Cleveland city website after the boy in Cleveland died due to injuries sustained in the police shooting. The boy was shot by police after he displayed a replica gun at a Cleveland recreation center. The Cleveland Police Department said in a statement that the child had not complied with orders to raise his hands. Instead, he apparently reached towards his waist band for the replica gun. The child had reportedly been pointing the toy weapon at members of the public outside the Cudell Recreation Center, prompting a 911 call, reports Reuters. The boy was taken to Metro Health Hospital for surgery on Saturday and remained in critical condition until his death early Sunday. The two officers involved in the incident were placed on administrative leave. One of them was treated at Fairview Hospital for an ankle injury, reports Reuters. According to a report on Cleveland.com that cited the deputy chief of police, Rice did not confront the officer verbally or physically. His father, Gregory Henderson, has questioned the use of lethal force saying, “Why not taze him? You shot him twice, not once, and at the end of the day you all don’t shoot for the legs, you shoot for the upper body,” as reported VICE News. The Department’s Use of Deadly Force Investigation Team is currently investigating the incident. Source: http://sputniknews.com/us/20141125/1015137543.html