Monthly Archives: November 2014

Blizzard confirms World of Warcraft target of DDoS attack

Update 5:50 a.m. PST: The servers are now down for maintenance, and the attack is over. If further ones happen, we’ll announce accordingly. Update 8:15 p.m. PST The DDoS attacks continue. Blizzard is rolling out updates to the backend services at a breakneck pace right now, some of which are having unintended consequences and further complicating an already messy situation. However, it should be noted that this is to be expected when combating such a large scale attack. In no way is Blizzard responsible for the server outages on this scale — responsibility rests with the script kiddies and bot net controllers. It’s hard to know just how big this attack is, but with the sustained issues it’s causing, and the severity of response from Blizzard, it’s safe to assume that it’s big . Battle.net is a hardened internet service that has withstood onslaughts like this before. For it to fail at such a critical juncture is nothing but catastrophic for the short term, and could have serious long term implications. We have some idea, shown above, of just how global this attack is. We’ll update this post as the night continues, providing you with the latest. In the mean time — we recommend you catch up on your lore, and not concern yourself with logging in. Original Post: WoW Insider received reports earlier today that Blizzard may be the target of a significant DDoS effort — and community manager Bashiok has confirmed it on the World of Warcraft forums. Bashiok goes on to outline additional issues Blizzard is currently attempting to resolve: instance servers timing out, disconnects from the continent servers, and performance and phasing issues with garrisons. Source: http://wow.joystiq.com/2014/11/13/blizzard-confirms-world-of-warcraft-target-of-ddos-attack/

Visit site:
Blizzard confirms World of Warcraft target of DDoS attack

Dormant IP addresses RIPE for hijacking

‘That’s not us spamming, honest’ cries hosting firm Spammers are using loop holes in the internet routing registry to commandeer address space and pump out junk mail, and potentially launch denial of service attacks and steal traffic.…

Read the original:
Dormant IP addresses RIPE for hijacking

WordPress Security: Prevent Brute Force and DDoS Attacks

Earlier this year, a WordPress XML-RPC exploit was used to launch distributed denial-of-service (DDoS) and brute force attacks against WordPress websites. As WordPress continues to grow in popularity and gain an increasing share of the market for website content management systems (CMS), such attacks have proliferated and pose an ongoing security risk that WordPress developers and website owners must address.   Distributed Denial-of-Service Attacks In the case of DDoS attacks, the intent of attackers is to disrupt a website or service by flooding it with information and traffic. According to the U.S. Computer Emergency Readiness Team (US-CERT): “In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.” Typically, larger scale DDoS attacks involve the use of multiple computer systems, websites, and servers that have been compromised and can be controlled remotely by the attackers. These networks are known as botnets and can include hundreds or even thousands of compromised systems. However, a simpler denial-of-service attack (DoS) can be launched from a single computer and potentially disrupt a website or service with only a small-scale effort. In either case, WordPress sites can be compromised and used for this purpose, and, in one of the largest cases earlier this year, more than 162,000 WordPress sites were used in just a single DDoS attack.   Brute Force Attacks In brute force attacks, the intent is to gain access to a website or service rather than disrupt it. Typically, attackers use various methods to automate the submission of login and authentication requests in an attempt to defeat a site or service’s security and gain access to user accounts, the administrative account, and ultimately the underlying server and architecture. According to the Open Web Application Security Project (OWASP): “A brute force attack can manifest itself in many different ways, but primarily consists in an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response. For the sake of efficiency, an attacker may use a dictionary attack (with or without mutations) or a traditional brute-force attack (with given classes of characters e.g.: alphanumeric, special, case (in)sensitive). Considering a given method, number of tries, efficiency of the system which conducts the attack, and estimated efficiency of the system which is attacked the attacker is able to calculate approximately how long it will take to submit all chosen predetermined values.” In WordPress brute force attacks, attackers can potentially identify a user’s password and use it to access the user’s account on the WordPress site and on other sites where the user may have the same ID and password. If the WordPress site contains any personal information, payment details for e-commerce, or other sensitive data tied to the user’s account, then attackers may be able to steal it. Worst of all, if attackers can gain access to the administrative account for a WordPress site, then they may be able to compromise, shut down, or delete the entire website, deploy malicious code, or steal or delete entire databases of sensitive information, including user logins and passwords.   WordPress Vulnerability: Pingback and XML-RPC DDoS and brute force attacks against WordPress sites have involved a WordPress pingback exploit and the general vulnerability of WordPress XML-RPC. WordPress uses the XML-RPC interface to allow users to post to their site using many popular Weblog Clients. This functionality can be extended by WordPress plugins, and WordPress offers its own API and supports the Blogger API, metaWeblog API, Movable Type API, and Pingback API. Unfortunately, this same functionality provides exploits that attackers can use to launch attacks, starting with the pingback exploit. Pingback is a linkback method that WordPress site owners and authors can use to request notification when someone links to their posts or pages. When pingback is enabled and an author or administrator of a WordPress site posts content that links to another site, an XML-RPC request is sent to the other site, which automatically sends a pingback to the original site to verify that there is a live, incoming link. Once this is confirmed, the pingback is recorded. According to Daniel Cid, founder and CTO of Securi Inc., a website anti-virus and anti-malware firm, “Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.” Using a simple command and an XML-RPC request, an attacker can exploit pingback and potentially use thousands of otherwise legitimate and seemingly harmless WordPress sites to launch a DDoS attack. As reported in a blog post by Cid earlier this year, attackers have now begun using further XML-RPC vulnerabilities and the XML-RPC wp.getUsersBlogs function to conduct large-scale brute force attacks against WordPress sites. Due to the many calls in WordPress XML-RPC that require a username and password, attackers can use a method like wp.getUsersBlogs to test or guess as many passwords as possible and gain access to WordPress administrator accounts or other user accounts. XML-RPC provides a faster method to conduct brute force attacks than using the /wp-login.php to make login attempts, and using XML-RPC is harder to detect.   How to Secure Your WordPress Site Against DDoS Attacks WordPress 3.9.2 included a fix that reduces the impact of some DDoS attacks, but, if pingback and XML-RPC are still enabled, they can be exploited. To protect your WordPress website against DDoS attacks, disable pingback and consider disabling XML-RPC entirely, especially if you do not need it or you want to ensure the strongest possible security for your site. WordPress offers instructions for how to globally disable pingback on your site, and two convenient plugins are also available to disable pingback and XML-RPC generally: https://wordpress.org/plugins/disable-xml-rpc-pingback/ https://wordpress.org/plugins/prevent-xmlrpc/   How to Secure Your WordPress Site Against Brute Force Attacks Disabling XML-RPC will remove the possibility of attackers using it to launch brute force attacks, but it does not address the vulnerabilities and risks of brute force attacks against /wp-login.php, and it does not solve the more serious problem of using passwords for user authentication in WordPress. Passwords create arguably the single greatest vulnerability in website and data security. They can be stolen or compromised through a variety of methods, such as brute force hacking, phishing, and malware, and they provide one of the primary incentives for attacks. As long as attackers are able to guess passwords through brute force or steal them in transit or from servers, they can potentially gain access to administrator or user accounts, compromise WordPress sites, and steal data or use them to launch further attacks. Moreover, the storage of passwords or other credentials, even in encrypted form, provides a huge incentive for attackers to target specific WordPress sites and the servers that host them. As Bill Gates declared at a security conference in 2004, passwords “just don’t meet the challenge for anything you really want to secure.” This realization has become more widespread in recent years, especially in the wake of high-profile cyberattacks against retailers like Target and Home Depot or financial institutions and online banking systems. As Google’s manager of information security, Heather Adkins, has put it: “Passwords are dead,” and “the game is over” for relying on passwords as the chief method to secure users and their data. According to WordPress founder Matthew Mullenweg, WordPress site administrators need to implement two-factor authentication in order to protect their sites from brute force attacks and other password vulnerabilities. However, as we explored in our previous blog article, “Choosing the Best and Safest Two-factor Authentication Method”, most solutions for two-factor authentication continue to use passwords as part of the login process, and this perpetuates the underlying problem of passwords. The best way to secure your WordPress site from brute force attacks is to remove passwords and other sensitive credentials from the login process and replace them with simple, mobile authentication that uses public key cryptography. With this approach, there are no passwords or credentials to guess, so brute force attacks are rendered obsolete, and there are no passwords or credentials entered or transmitted during the login process or stored on a server, so phishing and malware are also rendered obsolete. This eliminates the incentive and opportunity for attacks because there is physically nothing that attackers can potentially guess or steal in order to gain access to sites or accounts. As a minimum step toward the strongest possible security, WordPress administrators should enable this next-generation authentication method to protect access to their admin accounts. But the same level of security can be extended to all user accounts for a WordPress site, including self-enrollment that eliminates any need for the admin to set up two-factor authentication for other WordPress users. Source: https://www.secsign.com/wordpress-security-prevent-brute-force-ddos-attacks/

More here:
WordPress Security: Prevent Brute Force and DDoS Attacks

Don’t blame Obama, but DDoS attacks are now using his press releases

A new form of Domain Name Service-based distributed denial of service (DDoS) attacks that emerged in October, attacks that can significantly boost the volume of data flung at a targeted server. The method builds upon the well-worn DNS reflection attack method used frequently in past DDoS attacks, exploiting part of the DNS record returned by domain queries to increase the amount of data sent to the target—by stuffing it full of information from President Barack Obama’s press office. DNS reflection attacks (also known as DNS amplification attacks) use forged requests to a DNS server for the Internet Protocol address and other information about a specific host and domain name. For example, a response from Google’s DNS server typically returns something like this—a simple response with the canonical name (CNAME) of the DNS address sent in the request and an IPv4 or IPv6 address for that name: DNS requests are usually sent using the User Datagram Protocol (UDP), which is “connectionless.” It doesn’t require that a connection be negotiated between the requester and the server before data is sent to make sure it’s going to the right place. By forging the return address on the DNS request sent to make it look like it came from the target, an attacker can get a significant boost in the size of a DDoS attack because the amount of data sent in response to the DNS request is significantly larger. But this new attack pumps up the size of the attack further by exploiting the TXT record for a domain—a free-form text entry for a domain name. TXT records are used to provide “time to live” (TTL) information for caching of webpages, configuring anti-spam policies for e-mail service, and verifying ownership of domains being configured for Google Apps and other enterprise services. It can also be used to provide information about other services associated with a domain name. A TXT record for a domain can be up to 255 characters—a significant boost over the relatively small size of the request sent for it. In October, Akamai’s security team noticed a trend in DNS reflection attacks using TXT record requests to the domain “guessinfosys.com” and other malicious domains. The contents for those were not exactly what you’d expect in such a record—they contained text pulled from news releases on WhiteHouse.gov: These attacks lasted for over five hours during each episode, resulting in malicious traffic of up to four gigabits per second hitting their targets. The contents of the TXT records were apparently being updated automatically, possibly scraping data from the WhiteHouse.gov site. DDoS attacks, like many “reflection” attacks, are preventable by DNS server operators by blocking external DNS requests. The attacks can sometimes be stopped at the edge of the network, but that usually requires having more bandwidth available than the size of the attack—something smaller sites without DDoS protection from a content delivery network such as Akamai or CloudFlare may have some difficulty doing. Source: http://arstechnica.com/security/2014/11/dont-blame-obama-but-ddos-attacks-are-now-using-his-press-releases/

Read the article:
Don’t blame Obama, but DDoS attacks are now using his press releases

Defending against the dark arts of DDoS

In the magical world of Harry Potter, the boy wizard and his cohorts were enrolled in a class called Defence Against the Dark Arts as part of their curriculum. In the world of technology, defending against the “dark arts” of DDoS attackers is just as much a requirement. DDoS attacks suspend service to a website by overwhelming it with traffic from multiple sources, thus blocking access to the site and preventing users from accessing important information. Hackers can take down a website in one fell swoop using DDoS attacks, and the longer they last, the more costly they can be to a business. According to a report from TrendMicro Research, a week-long DDoS attack costs $150 on average from the Internet’s black market, while Verisign/Merrill Research reports that one-third of all downtime activity on the Internet can be attributed to DDoS attacks. Additionally, a newly-released report from Symantec indicates that DDoS attacks have increased by a staggering 183 per cent between January and August of 2014. In an exclusive interview with IT in Canada, Candid Wüeest, senior software engineer at Symantec Advanced Threat Research, discusses how businesses can defend against these attacks, and how Symantec can arm them for this battle. IT in Canada: Why are more businesses falling victim to DDoS attacks? Wüeest: I think we’re seeing more mid-sized and larger companies falling victim to DDoS attacks because they’re very easy to carry out by the attackers, and it can be very devastating on the receiving end as a result. The motivation behind it might often vary. For example, there are hacktivists who might do it to protest a company’s ideologies, but we also see others do it to make a profit. One of the most obvious profit-related (schemes) is extortion, where an attacked company might be told “Give us a certain amount of money or your online shop will be down.” The other is carried out by a company’s competition, using DDoS attacks to redirect customers to their business. With Thanksgiving coming up, if an online shop is not online during critical hours, people might go to a different shop, allowing the competition to profit from those sales. ITIC: The Symantec report notes that DDoS attacks increased by 183 per cent between January and August of 2014. What is the reason for that? CW: I think it’s a bit of a self-fulfilling prophecy. We see that they are successful, and more people in the media are talking about them. This shows hackers that it’s a proven way to attack someone, so they decide to go through with it, which also creates a bigger demand for automated tools and DDoS services. We are also seeing more advertising in the underground market for people selling these services, and this is probably the reason why you’re seeing more of them actually happening. ITIC: What can businesses do to prevent DDoS attacks? CW: When it comes to defending against DDoS attacks, there are a few strategies. The first one is to simply be prepared for them and know who to call. Have a response plan integrated into your system to accommodate DDoS attacks. In most case, when businesses fall victim to DDoS attacks, they don’t know what to do or who to call, or who is responsible at the IP level, and this results in valuable time and revenue being lost. The second one is planning for scalability and flexibility within your network. That starts with having the opportunity to filter out traffic whenever possible in multiple locations, have a load balancer in for multiple sites, or have a caching proxy in place. The third strategy involves implementing certain protection services. Nowadays, if you’re a medium- or large-sized business, you should also definitely speak with providers of specific protection services, which can help you mirror your website across multiple locations, allowing for better filtering if you are under attack. ITIC: Why are hackers now relying on mobile devices to execute attacks? CW: We’ve seen that hackers are experimenting with mobile phones. This not just because of their 4G and LTE capabilities, which means they can generate a lot of bandwidth traffic, but because they are very good at generating application level DDoS attacks. They can attempt to overload a database with queries and perhaps use up all of an application’s resources. This is done through WebRequest, which can be easily sent over any mobile network. We all know that most mobile phones are usually not protected by any kind of security software, so once they infected, they usually stay infected for a very long time because most people don’t notice it, as they don’t switch off their phones after 24 hours online. As a result, I think that mobile phones might be a better attacking platform than a laptop that you would shut down overnight. ITIC: What kinds of services does Symantec offer for defending against these attacks? CW: Symantec is very active in the intelligence and protecting people from becoming the source of an attack. We can help you defend against having your service compromised by any of the malware tools being used or a third-party amplification attack. We cooperate with different companies for the distribution of the network, but that is more of the focus of companies like Akamai and CloudFlare. With our knowledge that we have in the data centre, we can help with the flexibility of setting up networks that can be integrated into those services without having to switch too much on your existing platform. ITIC: Are DDoS issues more of a problem in Canada then they are in the U.S.? CW: As a country, Canada is doing well. It’s less of a problem there compared to the U.S., but we can’t expect there to be a country where DDoS attacks aren’t happening. One of the reasons is because they’re so easy to conduct, and many more hackers are relying on them now as a result. They are definitely happening in Canada, and people should definitely be preparing themselves if they haven’t already done so. ITIC: What can companies do to protect their cloud from attacks? CW: Cloud protection is an interesting problem. Companies should definitely read the FAQs from their cloud service providers to learn how they can protect against denial-of-service attacks. Sometimes, they might be a DDoS attack against a company’s online storage, but if it’s targeting the cloud provider, the business might not even notice that they are under attack. They might just notice that they are no longer available, or the availability of certain documents is failing. You should definitely talk to you cloud provider about how they are protected against DDoS attacks, and most of them do have a plan or have multiple locations and balancing in place to cope with these attacks. Make sure that you are aware of them, and if they don’t have them, you should consider moving to another one or plan a strategy on how you can switch to a secondary site in the event of an attack. ITIC: What does the future hold for DDoS attack prevention? CW: With DDoS attack prevention, we see that it’s moving in another way, but kind of complimenting to the whole bandwidth issue. At the moment, most of the mitigation tactics rely on providing a larger bandwidth so that the attackers cannot fill it up. This is good for basic attacks, but we see that there is a limitation to this. In the end, this is a race which will be won by the attackers most of the time because they can compromise more machines. What we see in the future is that we have to rely more on the protection of resources, such as websites and databases, and ensuring that they are protected and secure against having their resources used up. We also have to ensure we can perform proper filtering and only let genuine people in. We see more features being implemented in back service technologies or proxies that are close to the web server. Source: http://www.itincanadaonline.ca/index.php/security/1003-defending-against-the-dark-arts-of-ddos

Read the original post:
Defending against the dark arts of DDoS

Your computer might be launching a DDoS attack

India stands first in a list of 50 countries where distributed denial-of-service (DDoS) originate and cybercriminals can get DDoS attacks on hire for Rs. 300 for a three-minute assault. These were the findings of a research titled ‘The continued rise of DDoS attacks’, conducted by engineers and analysts at Symantec, evaluating data between January and August 2014, based on its 41.5 million attack sensors and records of thousands of events per second in 157 countries. A DDoS attack is an attempt to deny a service to users by overwhelming the target with activity. Botnets bombard the server with requests which it is unable to understand or process. It is ‘distributed’ as multiple sources attack the same target. The legitimate user gets messages such as ‘the server is undergoing technical problems and will be right back’. Any home computer can be part of a botnet due to installation of malicious software. While the study said 26 of all the DDoS traffic originated in India, (followed by the U.S., Singapore, Vietnam and China), Tarun Kaura, director, Technology Sales, Symantec India, told The Hindu that it did not mean people launching DDoS attacks were located in India, as the attacks were orchestrated remotely. He said, “It does not mean the hackers are Indians or that the targets are Indians. But it indicated India’s emergence as a hotbed for launching the attacks due to low cyber security awareness and inadequate security practices. This is because sources for the attacks are countries that have a high number of bot-infected machines and a low adoption rate of filtering of spoofed packets.” In spoofed packets, a sender can make it appear like the data packet has arrived from a different source. The study further said “booter” services were available on rent so a DDoS attack could be “hired” at Rs. 300 ($ 5) for a few minutes against targets. Booter services are web-based services that do DDoS attacks for hire at low prices. Higher prices fetch longer attacks and gamers use them as a monthly subscription service to kick at competitors. DDoS attacks are a favourite with hacktivists and cyber gangs to threaten rivals, settle personal grudges, and to distract IT security response teams. Most attacked sectors globally are the gaming, software, and media industries. In future, attacks were likely to increase in mobile and Internet of Things (IoT) devices, and users should protect their servers and know their network’s “normal” behaviour to respond to attacks, the study said. Source: http://www.thehindu.com/news/cities/bangalore/your-computer-might-be-launching-a-ddos-attack/article6580933.ece

Read More:
Your computer might be launching a DDoS attack

Emoticons blast three security holes in Pidgin :-(

Dump docs on users’ disks using only ASCII art (°O°) Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation.…

Read the article:
Emoticons blast three security holes in Pidgin 🙁

18 Election Websites Offline During the U.S. Midterm Elections possible DDoS attack

On the day of the U.S. midterm elections, the Contra Costa County Department of Elections website for was inaccessible starting at 7:20 a.m. local time. And it wasn’t alone, the Bay Area News Group reported that 18 election websites run by Florida-based SOE Software across the country were down for most of the election day. According to local news reports, Contra Costa County officials said the hosting of the website was contracted to SOE Software, which was also offline at the time. Election officials said SOE Software was working trying to fix the problem, and the sites were back online this week. The main function of election websites is to provide information on where voters can find polling stations, but they also provide features such as Vote by Mail ballot registration. Officials recommended that voters needing to find their polling station visit Get to the Polls, a website sponsored by the Pew Charitable Trust and others. It’s possible that the election websites were unprepared for the amount of traffic they would get on election day, but it’s also likely that a Distributed Denial of Service attack flooded SOE Software’s servers with requests, blocking legitimate traffic from reaching the websites it hosts. Source: http://www.thewhir.com/web-hosting-news/least-18-election-websites-offline-u-s-midterm-elections

Read More:
18 Election Websites Offline During the U.S. Midterm Elections possible DDoS attack

100 Bitcoin bounty slapped onto head of blackmailer who DDoS attack Bitalo site

  On Saturday, an attacker and blackmailer “DD4BC” sent a note to the Bitalo Bitcoin exchange threatening distributed denial of service (DDoS). DD4BC demanded 1 Bitcoin (about £206, $326) as protection money and for “info on how I did it and what you need to do to prevent it”. Hello Your site is extremely vulnerable to ddos attacks. I want to offer you info how to properly setup your protection, so that you can’t be ddosed! My price is 1 Bitcoin only. Right now I will star small (very small) attack which will not crash your server, but you should notice it in logs. Just check it. I want to offer you info on how I did it and what you have to do to prevent it. If interested pay me 1 BTC to [Bitcoin address] Thank you. Bitalo CEO Martin Albert eschewed the offer for lessons on avoiding DDoS. Instead, the exchange slapped a bounty on DD4BC’s head, to the tune of 100x the ransom money. That price may seem steep, but this is serious business to Albert, who told Motherboard that his company wants to show that it’s serious. He noted that while its users’ funds were never at risk because of Bitalo’s multi-signature setup, extortionists like DD4BC nonetheless threaten the smaller startups that complete the global Bitcoin community. These kind of people can do much more harm to the community than any government by regulation or something like that, in my opinion. Fear and uncertainty take their toll as well: Bitcoin value plummeted after the fall of Mt. Gox. DD4BC’s DDoS attack on Bitalo lasted two days. Albert said that the company soon found out that the same attacker was behind threats to others: Immediately we figured out it was not an unknown guy; it was this guy who also threatened many other people. The list of DD4BC’s targets include exchange CEX.io and Bitcoin sportsbook Nitrogen Sports, Albert said. Now, the company is offering 100 BTC – about $32,859 or £20,599 at Tuesday’s exchange rates – through the Bitcoin Bounty Hunter site. This isn’t the first bounty for a Bitcoin burglar, but it’s the biggest by far. Other bounties include: ?37.6875 (approx. $12,331, £7,710) For help in catching whomever broke into the email accounts of Satoshi Nakamoto – the person or people who created the Bitcoin protocol and reference software – and Bitcoin angel investor, evangelist, the founder himself of the Bitcoin Bounty Hunter site, and a man known by some as the “Bitcoin Jesus”, Roger Ver. ?2.1249 (approx. $698, £434) For help in catching whomever’s behind the missing 600K BTC from Mt. Gox. Ver told Motherboard that he started the bounty site in September after somebody got into an old email account and started making threats: Somebody hacked an old email account of mine and then was claiming they were going to steal my identity. [They also demanded] that I pay them $20,000 worth of bitcoin or they were going to ruin my life and ruin my family’s life, and they made all sorts of nasty threats. At the time, Ver offered a 37 BTC reward in a Facebook post for “information leading [to] the arrest of the hacker.” The problem was that he didn’t know what to do with the information people sent him, he said, some of which appeared legitimate but some of which were clearly a joke. Thus was Bitcoin Bounty Hunter born: a site that allows anyone to offer information and claim a bounty anonymously. It relies on the site proofofexistence.com, which requires informants to send in details in a manner that proves that they know something without revealing what it is that they know. In order to claim any of the bounties, the culprit has to be arrested and convicted. Why not just go to the cops? Ver told Motherboard that when he’s been targeted by theft in the past, he had to track down the stolen parts himself before the police became interested. The police in California did absolutely nothing to help, they didn’t even lift a finger. Going to the police, traditionally, they don’t do much of anything to help at all. By providing a bounty I think you can provide an incentive to have anybody – including the police – to actually do the right thing and help victims of crimes. Albert said there haven’t been any real tips on the Bitalo attacker yet, but the company’s also analysing traffic to try to get at the blackmailer’s identity. Source: http://nakedsecurity.sophos.com/2014/11/05/100-bitcoin-bounty-slapped-onto-head-of-blackmailer-who-ddosed-bitalo/

Taken from:
100 Bitcoin bounty slapped onto head of blackmailer who DDoS attack Bitalo site

DDoS Explosion Imminent for Guy Fawkes Day

Guy Fawkes: famous for a plot to assassinate England’s King James in 1604 and for guarding copious amounts of gunpowder, is remembered every Nov. 5 in Britain with fireworks and bonfires. Researchers say that businesses should brace themselves for a different kind of plot: an influx of distributed denial of service (DDoS) attacks from hacktivist group Anonymous on Wednesday. “The forecast for the future looks dark, as we expect to see many DDoS attacks during Guy Fawkes Day on November 5, as the Anonymous collective has already announced various activities under the Operation Remember campaign,” said Candid Wueest, threat researcher at Symantec, in a blog. “However, hacktivists protesting for their ideological beliefs are not the only ones using DDoS attacks. We have also seen cases of extortion where targets have been financially blackmailed, as well as some targeted attacks using DDoS as a diversion to distract the local CERT team while the real attack was being carried out.” DDoS attacks have grown in intensity as well as in number in the last two years, although the duration of an attack is often down to just a few hours. Amplification attacks especially are very popular at the moment as they allow relatively small botnets to take out large targets with amplification factors of up to 500. For such an attack, spoofed traffic is sent to a third-party service, which will reflect the answer to the spoofed target. “Such attacks are simple to conduct for the attackers, but they can be devastating for the targeted companies,” said Wueest. From January to August 2014, Symantec has seen a 183% increase in DNS amplification attacks, making it the most popular method seen by Symantec’s Global Intelligence Network. Multiple methods are often used by attackers in order to make mitigation difficult and, to make matters worse, DDoS attack services can be hired for less than $10 on underground forums. “It is the distribution of hosts that attracts attackers — such as the group Anonymous — as it provides multiple advantages; undetectable location, multiple machines and identity anonymity,” said Alex Raistrick, director cybersecurity solutions at Palo Alto Networks. And all of that “which makes DDoS attacks an appealing instrument for destruction on Guy Fawkes Day,” he added. As far as mitigation, Raistrick noted that some attacks simply exploit vulnerabilities that subsequently crash or severely destabilize the system so that it can’t be accessed or used. “Segmentation helps to block attacks trying to spread from one area of the network to another,” he said. “Next-generation firewall will also directly contribute to a stronger overall security platform, starting with the endpoint and detecting attacks there as well as detecting when threats are attempting lateral moves within networks.” He added, “Essentially, make your estate difficult and expensive to breach — and the bad actors will go elsewhere.” Source: http://www.infosecurity-magazine.com/news/ddos-explosion-imminent-for-guy/

Follow this link:
DDoS Explosion Imminent for Guy Fawkes Day