Monthly Archives: April 2015

iOS, OS X apps sent into infinite dizzy DoS by this one weird kernel bug

Apple patches OOB boob to stop API noobs being duped

Kenton Varda has found a ‘weird’ kernel bug used in Apple gear that could result in trivial denial of service by remote attackers.…


Denial of service attacks pour through rift in Network Time Protocol

Mismatched clocks allow poison packets to prevent synching, and sink you

Red Hat security chap Miroslav Lichvar has revealed two vulnerabilities in the Network Time Protocol (NTP) that allow attackers to get clients to execute unauthenticated packets.…


DOSarrest External Monitoring Service launches iOS and Android App

VANCOUVER, April 8, 2015 /PRNewswire/ – DOSarrest Internet Security, a fully managed cloud based DDoS protection service, today announced that their DOSarrest External Monitoring Service (DEMS), a real-time website monitoring tool, launches a new iOS and Android application for clients. This application is a complimentary service to all DOSarrest clients who are subscribed to DOSarrest’s industry leading DDoS protection service. The new mobile application on iOS and Android will allow clients to easily access and view their website(s) status and performance in real-time 24/7/365, as well as enable them to historically view all of the statistics for up to 1 year from 8 globally distributed sensors.

Jag Bains, CTO of DOSarrest says “This application is beneficial to all of our clients who have a mission critical website that requires 100% uptime. Unlike other monitoring services, this service is fully managed 24/7/365. Should anything unexpected occur, our engineers will investigate, pinpoint and advise the client on a solution in near real-time. No other vendor in this industry offers this level of customer service.”

“We have a number of clients who depend on this service and some have subscribed to it that aren’t even using our DDoS protection service,” says Mark Teolis, CEO of DOSarrest. “With the new mobile application, in one click on your smart phone, you can view what sites are up or down and why in real-time, whenever and wherever you are. It’s like the laptop version in your pocket.”

Teolis adds “As far as I know, no other DDoS protection service or CDN offers any such complimentary service that compares to our External Monitoring Service, with 8 globally distributed sensors completely independent of any of our scrubbing nodes.”

About DOSarrest Internet Security: DOSarrest, founded in 2007 in Vancouver, B.C., Canada, is one of only a couple of companies worldwide to specialize in cloud based DDoS protection services. Additional Web security services offered are Cloud based Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO) as well as cloud based global load balancing.

SOURCE: http://www.prnewswire.com/news-releases/dosarrest-external-monitoring-service-launches-ios-and-android-app-499026641.html


Israeli sites targeted by annual Anonymous ‘OpIsrael’ DDoS attacks

Israeli sites targeted by annual Anonymous ‘OpIsrael’ cyber attacks

Hackers fail to bring down government websites, but successfully target sites belonging to musicians, organization for excellence in education and association of urologists.

The “electronic Holocaust” promised by pro-Palestinian Anonymous hackers on Tuesday has yet to come, but it appears attempts to attack Israeli cyber targets continue. On Tuesday afternoon many Israelis received messages with Arabic text that says: “We’ll free the two holy mosques from the sons of the Jews.”

Natalie Ben-Hemo from Lod received the message, which came from the number 007. “I imagined it must have something to do with the Anonymous attack and I checked on Google Translate what the message in Arabic means,” she said, saying her brother-in-law also received the message.

Yavgeny Kogen from Kiryat Ata also received the message, “I realized they must’ve hacked one of the content providers of SMS messages and sent messages to everyone. Other than that, I haven’t come across other cyber attacks.”

Overnight Monday, dozens of websites were brought down by pro-Palestinian hackers. Major government websites were targeted but were not brought down, including the sites for the Knesset, Education Ministry and the government portal. Most hacking attempts come in the form of a denial of service (DoS) attack, in which a website is inundated with requests for access, to the point that the site’s servers cannot cope and the site either functions extremely slowly or collapses altogether.

Despite the largely failed attempt to bring down government websites, numerous private sites were brought down Tuesday, with many displaying the phrase “Hacked by Anonghost”. Among those hacked were the official sites for singers Shalom Hanoch and Ivri Lider, popular band Hadag Nachash, the Israeli Center for Excellence through Education, the Israeli Urological Association and others.

In addition, hackers claimed to have also accessed a number of email accounts, and published the list of compromised sites and emails. They also claimed to have hacked the website of the court system, but that was working normally by Tuesday morning.

The annual attack on Israeli websites, or “#OpIsrael”, is carried out by those identifying as Anonghost or Anonymous. The stated goal is to repay various groups and bodies in Israel for the country’s treatment of the Palestinians, by causing inconvenience and discomfort for Israeli citizens, which it says Israel does to the Palestinians.

Every few months or so, hackers threaten to launch cyber attacks on Israeli sites. In many cases, hackers fail to carry out the attack, or cause minimal and temporary damage. In some cases, lists of Israeli user names and passwords for email and social media sites are distributed online, in order to scare Israeli internet users, but often they are old passwords. On April 7 last year, there was a small-scale cyber attack on Israel, but with no significant victims.

Source: http://www.ynetnews.com/articles/0,7340,L-4644894,00.html

“As we did many times, we will take down your servers, government websites, Israeli military websites, and Israeli institutions,” said a video message released recently, warning of the impending attacks.

“We will erase you from cyberspace in our Electronic Holocaust.”


Microsoft, Sony, and Nintendo collaborating to stop DDoS attacks

Xbox boss Phil Spencer has been talking with his rivals to see how they can avoid a repeat of the Christmas Xbox Live and PSN downtime.

It’s very rare for console manufacturers to work together on anything, but the DDoS attacks on Xbox Live and PSN over Christmas have been enough for Microsoft to initiate conversations with its two rivals.

‘I don’t think it’s great when PSN goes down,’ Spencer told Game Informer. ‘It doesn’t help me. All it does is put the fear and distrust from any gamer that’s out there, so I look at all of us together as this is our collective opportunity to share what we can about what we’re learning and how things are growing. Those conversations happen, which I think is great.’

He added that the Christmas attacks had been a ‘learning experience’ and that, ‘Our commitment to Xbox One customers is to make sure our service is robust and reliable’.

Although Xbox Live seemed to recover more quickly from the attacks than Sony, and Nintendo weren’t affected at all, there is no easy defence against DDoS as they’re not really hacking (no data was stolen or accessed) and simply involve overloading a server with requests. As a result it’s not clear what defences Spencer was discussing with Sony and Nintendo, but it is good to know they’re at least talking.

Source: http://metro.co.uk/2015/03/06/microsoft-sony-and-nintendo-collaborating-to-stop-ddos-attacks-5091159/


The best way to stop DDoS attacks

For the fastest response, you can’t beat in-path deployment of a high-performance DDoS mitigation device that is able to detect and mitigate immediately.

Experiencing a distributed denial-of-service (DDoS) attack is like having your home flood. Without warning, attackers can upend your enterprise. Every moment counts, but unfortunately by the time some DDoS solutions identify and report the attack, the damage is already done. You need a faster, more immediate means of threat detection to prevent severe damage.

When a DDoS attack hits your network, a long time can pass before the security/network staff fully realizes it is actually a DDoS attack that is affecting the services, and not a failing server or application. Even more time may pass before the actual mitigation of the threat starts to take effect. Volumetric attacks, though devastating, take a while before users and internal service monitoring systems notice their effects. Application layer attacks are much harder to detect, as they tend to fly under the detection radar because of their low-volume profile.

When mitigation starts too late, the damage may already be done: the firewall state table may be overwhelmed, causing reboots, or worse, it locks up, making the DDoS attack effective from the attacker’s perspective. The service is no longer available to legitimate users.

Deployment Methods and Detection

A variety of methods allow security teams to gain insight into what’s going on in a network. One of the more popular approaches is flow sampling, as virtually all routers support some form of Flow technology, such as NetFlow, IPFIX, or sFlow. In this process, the router samples packets and exports a datagram containing information about that packet. This is commonly available technology, scales well, and is quite adequate to indicate trends in network traffic.

For in-depth security analysis purposes, however, relying on samples is a serious concession; you miss a large piece of information as you only receive one packet out of a thousand, or worse. A flow analytics device has to evaluate the behavior of a traffic stream over a longer time period to be sure something is wrong, and to avoid false positives.

Common DDoS protection deployments use a flow analytics device, which reacts to the discovered incident by redirecting the victim’s traffic to a mitigation device and telling it what action to take. This method scales well for gathering traffic to be analyzed, and the reactive model only redirects potentially bad traffic, which allows for some bandwidth oversubscription. But this is risky business as the mean time to mitigate can run into minutes.

For the most insightful detection and fastest mitigation, you can’t beat in-path deployment of a high-performance DDoS mitigation device that is able to detect and mitigate immediately. In-path deployment allows for continuous processing of all incoming traffic (asymmetric) and possibly also the outgoing traffic (symmetric). This means the mitigation device can take immediate action, providing sub-second mitigation times. Care should be taken that the mitigation solution is able to scale with the uplink capacity, and the real-world performance during multi-vector attacks.

As an alternative to in-path detection and sampling, mirrored data packets provide the full detail for analysis, while not necessarily in the path of traffic. This allows for fast detection of anomalies in traffic, which may have entered from other entry points in the network. While setting up a scalable mirroring solution in a large network can be a challenge, it can also be an excellent method for a centralized analysis and mitigation center.

Watch your performance metrics

Bandwidth is an important metric for most people. When shopping for a home Internet connection, people most often compare the bandwidth metric. While it is important, as with many things, the devil is in the details. Networking devices ultimately process network packets, which typically vary in size. Small packets use less bandwidth, while large packets amount to larger bandwidths. The main limitation of the networking node is set by the amount of packets a device can process within a second. By sending many small packets at a high rate, an attacker can stress out the infrastructure quite quickly, especially traditional security infrastructure such as firewalls, or Intrusion Detection Systems. These systems are also more vulnerable to stateless, high-rate assaults such as many flooding attacks, due to their stateful security approach.

Verizon’s 2014 Data Breach Investigations Report notes that the mean packet-per-second (pps) attack rate is on the rise, increasing 4.5 times compared to 2013. If we carefully extrapolate these numbers, we can expect 37 Mpps in 2014 and 175 Mpps in 2015. These are the mean values to show the trend, but we have seen many higher pps rates. While the mean values demonstrate the trend, to properly prepare your network, you should focus on worst-case values.

Assure your Scalability

As DDoS attacks, and especially volumetric attacks, enter the network with extreme packet-per-second rates, you need a mitigation solution with adequate packet processing power. Scaling the analytics infrastructure is also an important consideration. Flow technology scales rather well, but at a massive cost: it compromises granularity and time-to-mitigate.

If your vendor provides performance numbers that match your network size, be aware that the real-world performance may be lower. The current trend is that attacks use multiple attack vectors; multiple attack methods are launched simultaneously. Datasheet performance figures provide a good indicator to match the product to your needs, but it is advisable to test your prospective mitigation solution, and validate it through a series of tests to see how it holds up against a set of attack scenarios in your environment.

The multi-vector attack trend illustrates the importance of validating performance. Running a basic attack such as a SYN flood puts a base stress level onto the CPUs – unless, of course, the attack is mitigated in hardware. Making the system simultaneously fight a more complex application-layer attack such as an HTTP GET flood attack could push a system over its limit. Periodic validation of your network’s security performance is critical to ensure that your security solutions will hold up during various simultaneous attacks, and to ensure that your network investments are up to the task in a growing, secured network.

Network flooding does indeed have a lot in common with a home flooding. The sooner you know it is happening, the sooner you can take action. Just make sure your sandbags are up to the task!

Source: http://www.computerworld.com.au/article/571980/best-way-stop-ddos-attacks/


University servers not at risk for information breach during DDoS attacks

Last week, University servers were hit by a Distributed Denial of Service attack that led to the shutdown of Sakai and the Central Authentication system, rendering RUWireless inoperable for several days, as reported by The Daily Targum on Tuesday.

During a DDoS, servers are flooded by requests from an external source. Bots, or hijacked computers, were programmed to inundate the University’s secure servers with requests for information. Many of these hijacked computers appeared to originate from outside of the United States. It is likely no University computers were co-opted into contributing to the attacks.

A DDoS attack differs from a break-in in one key way –– a DDoS forces servers to shut down, while a data breach is performed to steal or delete information. Notably, Sony has been broken into multiple times in the past few years, leading to theft of credit card and other private information. While some services, such as the Playstation Network in 2011, were disrupted, this was more of a byproduct caused by the hack. Stealing or deleting information was not a goal of the Rutgers attack.

Hacking can be done by installing malware onto a server or by hunting down and exploiting weaknesses –– such as digital holes in a firewall. The methods of breaking into a system are different enough from those of a DDoS that they can be identified and dealt with. While both exploit vulnerabilities, the former does so subtly to gain access and control. A DDoS is less refined, and because of the nature of the Rutgers attacks, at no time was any private information vulnerable to theft.

A series of emails sent by the Office of Information Technology and the Telecommunications Division explained that Sakai and CAS were taken offline to protect them and the University servers from the DDoS attacks, which continued through Sunday. These services were made available again to those using an on-campus network late Sunday, and to off-campus students again on Monday.

Rutgers employs “DDoS mitigation” software that is designed to help detect and end attacks by noting how traffic patterns –– what computers request information –– change, including where traffic originates from. This notifies system administrators when an abnormally large number of atypical requests are being made.

The Internet in general is structured so that information cannot easily be lost. Every tweet, picture, forum message, video and private piece of information remains online even if a user ostensibly deletes it. Rutgers has a vast, complicated network of servers, many different wireless networks and storage for all the information the University holds, both onsite and offsite, and backups for this data do exist in the unlikely event it is rendered unusable on one platform. The way the data is held also prevents changes being made to it once it is stored.

Deleting this information would be difficult for a hacker and stealing it more so. Denying students the opportunity to study for exams, access their grades or contact their professors is much easier in comparison. While this denial caused, and can cause, a lot of harm in terms of productivity and even just keeping up with what’s happening at the University, it has less of an effect on any of the actual data stored here.

Source: http://www.dailytargum.com/article/2015/04/u-servers-not-at-risk


Michigan High School Student Facing Charges After launching DDoS attack on School Network

A student at Monroe High School in Monroe, Michigan, was recently caught conducting a distributed denial of service attack (DDoS), and Monroe Public Schools Superintendent Barry Martin says the district will be pressing charges.

Over a period of two weeks, the unnamed student managed to take the network down for ten to fifteen minutes at a time during the school day. This had a heightened effect on the district, as modern-day high schools rely heavily on the Internet for administration as well as classroom instruction.

“We are so reliant on the Internet that we can’t afford to have down time,” said Stephen McNew, the superintendent of the district in which the student attended school.

No Sensitive Data Compromised

Despite having success at being disruptive, an act that the student considered to be a prank, no sensitive documents, e-mails, or files were ever compromised, which should contribute greatly to his defense. Merely disrupting communications is far less of a crime than is stealing sensitive information about other students or private communications between staff members.

“A Good Student”

Barry Martin called the alleged hacker “a good student” in comments to the Monroe News but said that this act could not be tolerated, and charges would be filed. DDoS is a federal felony, but from the sounds of it, the FBI has not yet been involved in the case. It is taken very seriously when the targets are larger organizations or government institutions, and ordinarily those who are serious about conducting DDoS attacks are careful to cover their tracks.

It is not yet evident how the student was found to be a suspect in the case, but in the town of roughly 20,000 people, the pool of likely suspects is rather slim. The profile would be a student with high grades and extreme computer aptitude. This would make the pool of likely suspects even smaller.

The way that high schools often conduct such investigations, the student would have been brought in front of a police officer and interrogated until he confessed. Like as not, school officials would pretend to know already that he was guilty, and he would confess. Equally as likely, the student bragged about it to another student, who then turned him in.

Another thing that the administrators said about the student was that he probably didn’t know the seriousness of what he was doing. This is in line with existing research that has concluded that adolescents are less likely to consider the consequences of their actions before taking them.

Locals Have Mixed Feelings

Many locals on the Monroe News Facebook page felt that a felony would be too stern a response for the gifted student’s prank. After all, in the end, the one thing he illustrated was that the school district had a weak network infrastructure that needs upgrading. Especially if, as administrators have said, they are extremely reliant on the Internet in daily teaching.

Source: https://hacked.com/michigan-high-school-student-facing-charges-ddosing-school-network/


Anonymous proxies now used in a fifth of DDOS attacks

The number of DDOS attacks using anonymous proxies has increased

The number of distributed denial of service attacks using anonymous proxies has increased dramatically over the past year, according to a new research report, as attackers use these proxies to create an instant pseudo-botnet.

Ofer Gayer, security researcher at Redwood Shores, CA-based Incapsula Inc., said he first spotted the trend about a year ago. Incapsula was working on creating a database of IP addresses spotted attempting malicious activity, and discovered that attackers were abusing anonymous proxies to turn a regular single-origin denial of service attack into a distributed denial of service attack with traffic flowing through thousands — or tens of thousands — of different IP addresses.

A year ago, fewer than 5 percent of DDOS attacks came through anonymous proxies. Today, the number is close to 20 percent, Gayer said. “The trend intensified over the past two months,” Gayer said. “Currently, 20 percent of all application-layer attacks are originating from these proxy servers.”

Of those, nearly 45 percent came from the TOR network of anonymous routers, and, of those, 60 percent used the TOR Hammer DoS tool. On average, a single attacker would direct traffic from 1,800 different IP addresses, with 540,000 requests per instance.

According to Incapsula product evangelist Igal Zeifman, what this means is that an attacker could be sitting at home, on a single computer, and route traffic to a list of anonymous proxies to create an instant botnet-style attack. All it takes is a proxy harvesting script and a publicly-available DOS toolkit.

Anonymous proxies, or anonymizers, can serve a useful purpose, preventing identity theft, protecting search histories, avoiding geographical marketing and access restrictions, and allowing activists to bypass Internet censorship of repressive regimes. They also offer several benefits to DDOS attackers.

First, they mask the source of an attack and help the attackers evade security measures based on access control lists. They also help the attacker avoid geo-blacklisting, since the attack can be spread among proxies in many different countries.

Second, since each proxy is only passing along a small number of messages, it helps the attackers avoid counter-measures based on limiting the number of messages from a single source.

Finally, proxies make slight changes to message headers. That helps the attackers avoid signature-based defenses.

“You can Google to find several options to generate lists of these servers,” said Zeifman. “And these servers accept requests from anyone.”

Each of the anonymous proxies can be used to forward a small amount of traffic, that, together, add up to enough to take down an application. “It’s like a thousand needles, stinging all at the same time,” said Zeifman.

Since the attackers are going after the application, not much traffic is required. “Very few server operators think about over-provisioning their CPUs,” he said. “Even a small overhead of 100 requests per second is enough to take down a dedicated server environment.”

Source: http://www.csoonline.com/article/2903939/application-security/anonymous-proxies-now-used-in-a-fifth-of-ddos-attacks.html
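
The article's second point, that a per-source limit never trips when each proxy forwards only a few requests, can be checked from the defender's side with a small detection sketch. This is an added example, not code from the article or from Incapsula: the log tuple format, thresholds, window size and function names are assumptions, and the traffic is constructed (it borrows only the article's figure of 1,800 source addresses).

```python
"""Per-source rate limit vs. aggregate per-endpoint baseline on one request log.
All traffic here is constructed sample data; every threshold is an assumption."""
from collections import Counter, defaultdict
from ipaddress import IPv4Address

WINDOW = 10             # seconds per analysis window (assumed)
PER_SOURCE_LIMIT = 20   # max requests per source per window (assumed)
AGGREGATE_FACTOR = 5.0  # alert when an endpoint exceeds 5x its baseline (assumed)
BASELINE_WINDOWS = 3    # clean windows needed before an endpoint is judged


def make_traffic():
    """Constructed (timestamp, source_ip, path) events.

    Windows 0-3: 50 ordinary clients, each sending 2x "/" and 1x "/search".
    Window 3 also carries 1,800 proxy addresses sending 3x "/search" each.
    """
    events = []
    clients = [str(IPv4Address("198.51.100.1") + i) for i in range(50)]
    proxies = [str(IPv4Address("10.0.0.1") + i) for i in range(1800)]
    for w in range(4):
        for i, ip in enumerate(clients):
            t = w * WINDOW + i % WINDOW
            events += [(t, ip, "/"), (t, ip, "/"), (t, ip, "/search")]
    for i, ip in enumerate(proxies):
        t = 3 * WINDOW + i % WINDOW
        events += [(t, ip, "/search")] * 3
    return events


def bucket(events):
    """Group events into {window_index: [(ip, path), ...]}."""
    windows = defaultdict(list)
    for t, ip, path in events:
        windows[t // WINDOW].append((ip, path))
    return windows


def per_source_offenders(events):
    """Classic per-IP limiter: {window: set of IPs over PER_SOURCE_LIMIT}."""
    flagged = {}
    for w, rows in bucket(events).items():
        counts = Counter(ip for ip, _ in rows)
        flagged[w] = {ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT}
    return flagged


def aggregate_alerts(events):
    """Flag (window, path, requests, distinct_sources) when an endpoint's
    request count exceeds AGGREGATE_FACTOR times its recent mean."""
    windows = bucket(events)
    history = defaultdict(list)  # path -> request counts of earlier clean windows
    alerts = []
    for w in sorted(windows):
        counts = Counter(path for _, path in windows[w])
        for path, n in sorted(counts.items()):
            past = history[path][-BASELINE_WINDOWS:]
            if len(past) == BASELINE_WINDOWS:  # skip endpoints still in cold start
                baseline = max(sum(past) / len(past), 1.0)
                if n > AGGREGATE_FACTOR * baseline:
                    sources = len({ip for ip, p in windows[w] if p == path})
                    alerts.append((w, path, n, sources))
                    continue  # keep flagged traffic out of the baseline
            history[path].append(n)
    return alerts


if __name__ == "__main__":
    log = make_traffic()
    print("per-source offenders:", per_source_offenders(log))
    print("aggregate alerts:", aggregate_alerts(log))
```

The distinct-source count in each alert is what separates this pattern from a single noisy client: a sudden rise in requests to one endpoint together with a jump in new source addresses, none of which individually exceeds the per-source limit.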
