Monthly Archives: June 2016

Central banks of South Korea and Indonesia bulk up security following DDoS attacks by hacktivists

The central banks of Indonesia and South Korea are reportedly bulking up security on their public-facing websites after being hit with cyberattacks and distributed denial-of-service (DDoS) disruptions linked to the hacking collective Anonymous. In response to the attempted attacks, Ronald Waas, deputy governor of Bank Indonesia (BI), told Reuters his institution had blocked traffic from 149 regions that don’t usually access its website, including “several small African countries” (geo-blocking of this kind removes noise from regions with no legitimate users, but attack traffic originating in, or relayed through, the permitted regions passes untouched). As previously reported, a video statement posted to YouTube on 4 May by the group said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.” Later, the central bank of Greece admitted its website was taken offline for a short period. This was followed by other banks in countries including France, England, Scotland and Sweden. In June the hackers announced that ‘phase three’ of the operation, dubbed Project Mayhem, had started and that the campaign’s focus would widen to include major stock exchanges. In any case, the global banking system has been shaken by a number of successful hacks, breaches and cyber-heists throughout 2016. In one attack, the Bangladesh central bank was targeted by a highly coordinated team that stole $81m via fraudulent money transfers issued over the SWIFT network. 
Source: http://www.ibtimes.co.uk/central-banks-south-korea-indonesia-bulk-security-following-ddos-attacks-by-hacktivists-1566836

Continue reading here:
Central banks of South Korea and Indonesia bulk up security following DDoS attacks by hacktivists

Botnet-powered account takeover campaign hit unnamed bank

A single attacker mounted two massive account takeover (ATO) campaigns against a financial institution and an entertainment company earlier this year, using a gigantic botnet of home routers and other networking products to do it. “ATO attacks (also known as credential stuffing) use previously breached username and password pairs to automate login attempts. This data may have been previously released on public dumpsites such as Pastebin or directly obtained by attackers through …”
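The pattern described in the quoted passage has a log signature a blue team can test for. The following is an added example, not code from the original article or from the unnamed bank: it runs two detectors over a constructed login log (the line format, the addresses and the usernames are all invented for the example). The first flags a single source trying many distinct usernames with a high failure rate, which separates credential stuffing from a brute-force against one account or a user who mistyped twice. The second is the fleet-wide signal you need when, as in the campaign above, the attempts are spread across a botnet of home routers so that no single IP trips a per-source threshold.

```python
"""Credential-stuffing (account takeover) detector for web login logs.

Credential stuffing replays breached username/password pairs, so the
signature is one source trying MANY DIFFERENT usernames with a high
failure rate, unlike a brute-force attack (one user, many passwords) or
a forgetful user (one user, a couple of failures, then success).

Log format, addresses and usernames are constructed for this example;
adapt LINE_RE to your own access or auth log.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"(?P<ts>\S+) login src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)"
)

# Constructed sample: a legitimate user who mistypes twice, a stuffing run
# from 203.0.113.5 that lands one valid pair (bob), and a plain password
# brute-force against one account from 192.0.2.9.
SAMPLE_LOG = """\
2016-06-03T10:00:01Z login src=198.51.100.7 user=alice result=FAIL
2016-06-03T10:00:09Z login src=198.51.100.7 user=alice result=FAIL
2016-06-03T10:00:15Z login src=198.51.100.7 user=alice result=OK
2016-06-03T10:01:00Z login src=203.0.113.5 user=carol result=FAIL
2016-06-03T10:01:01Z login src=203.0.113.5 user=dave result=FAIL
2016-06-03T10:01:02Z login src=203.0.113.5 user=erin result=FAIL
2016-06-03T10:01:03Z login src=203.0.113.5 user=bob result=OK
2016-06-03T10:01:04Z login src=203.0.113.5 user=frank result=FAIL
2016-06-03T10:01:05Z login src=203.0.113.5 user=grace result=FAIL
2016-06-03T10:01:06Z login src=203.0.113.5 user=heidi result=FAIL
2016-06-03T10:01:07Z login src=203.0.113.5 user=ivan result=FAIL
2016-06-03T10:02:00Z login src=192.0.2.9 user=admin result=FAIL
2016-06-03T10:02:01Z login src=192.0.2.9 user=admin result=FAIL
2016-06-03T10:02:02Z login src=192.0.2.9 user=admin result=FAIL
2016-06-03T10:02:03Z login src=192.0.2.9 user=admin result=FAIL
"""


def parse(lines):
    """Turn raw log lines into event dicts; lines that don't match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "src": m["src"],
                "user": m["user"],
                "ok": m["result"] == "OK",
            })
    return events


def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_users=5, min_fail_ratio=0.8):
    """Return {src: stats} for sources that, within any `window`, tried at least
    `min_users` distinct usernames with a failure ratio >= `min_fail_ratio`.
    `compromised` lists usernames that source logged into successfully: those
    are the pairs the attacker now knows work, i.e. the accounts to reset."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    flagged = {}
    for src, evs in by_src.items():
        for i in range(len(evs)):
            j = i  # grow the window [i, j) while it stays inside `window`
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                j += 1
            chunk = evs[i:j]
            users = {e["user"] for e in chunk}
            fails = sum(not e["ok"] for e in chunk)
            if len(users) >= min_users and fails / len(chunk) >= min_fail_ratio:
                flagged[src] = {
                    "attempts": len(evs),
                    "distinct_users": len({e["user"] for e in evs}),
                    "compromised": sorted({e["user"] for e in evs if e["ok"]}),
                }
                break
    return flagged


def peak_distinct_failing_users(events, window=timedelta(minutes=10)):
    """Fleet-wide signal that survives a botnet spreading one attempt per IP:
    the largest number of DISTINCT usernames that failed a login in any window.
    Compare it against the site's normal baseline rather than a fixed number."""
    fails = sorted((e["ts"], e["user"]) for e in events if not e["ok"])
    peak = 0
    for i in range(len(fails)):
        users = {u for ts, u in fails[i:] if ts - fails[i][0] <= window}
        peak = max(peak, len(users))
    return peak


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG.splitlines())
    for src, stats in find_stuffing_sources(evs).items():
        print(f"credential stuffing from {src}: {stats}")
    print("peak distinct failing users per 10 min:", peak_distinct_failing_users(evs))
```

The per-source detector is what a WAF or rate limiter can act on in real time; the fleet-wide count is what you alert on from the SIEM, because a router botnet can keep every individual IP under any per-source threshold while the aggregate number of distinct usernames failing per minute jumps far above baseline.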

See the article here:
Botnet-powered account takeover campaign hit unnamed bank

Overwatch Servers Went Down After Alleged DDoS Attack

Infamous hacker group Lizard Squad is thought to be at it again, this time taking down Overwatch servers and leaving players unable to join and remain in a session. Over the past week, Blizzard has been experiencing problems with Battle.net that have made it difficult for players to use the service as intended with games like Overwatch. Now there’s word that these issues might have been caused by a DDoS attack launched by members of Lizard Squad. Some users report being unable to log in to Battle.net; others can enter but find themselves kicked out of multiplayer matches in Overwatch for seemingly no reason. Ordinarily, issues like these would be brushed off as part and parcel of the modern online experience. However, a suspicious tweet from a known Lizard Squad member has led to the group being implicated, according to a report from VG247. The tweet is being taken as proof that Lizard Squad member AppleJ4ck was involved with the attack. Some Overwatch players responded to his post to vent their annoyance about the situation, to which AppleJ4ck replied, “in a way, I’m doing y’all a favor.” This is not the first time Lizard Squad has targeted the video game industry. The group rose to prominence in 2014, when a coordinated attack brought down the PlayStation Network and Xbox Live over Christmas, causing massive headaches for the companies involved. The attack was not an unmitigated success for the group, as the high-profile incident made Lizard Squad an immediate target for authorities: just days later, a 22-year-old alleged to be part of the organisation was raided by police in the United Kingdom. However, the strength of a group like Lizard Squad is that its members are spread all over the world. Individual members can be found and brought to justice, but it’s difficult to mount a concerted attempt to stamp out its activity outright. 
If the situation is hard on the authorities, it’s even more challenging for a company like Blizzard. The overwhelming popularity of Overwatch means it’s hard enough for the company to keep Battle.net afloat at the best of times, never mind when attackers are on the prowl. Unfortunately, criminal elements like Lizard Squad are part and parcel of the modern online experience. Companies like Blizzard have to take these groups into consideration when operating a service like Battle.net; attackers have the power to ruin the experience for everyone else, and the only defence is a robust level of security. Source: http://gamerant.com/overwatch-servers-down-ddos-attack-846/

More:
Overwatch Servers Went Down After Alleged DDoS Attack

Muslim Brotherhood’s Website Suffers DDoS Attacks and Data Leak

The official English-language website of the Muslim Brotherhood movement was forced offline after facing massive DDoS attacks. Earlier today, a hacker going by the handle SkyNetCentral conducted a series of distributed denial-of-service (DDoS) attacks on the official website of the Society of the Muslim Brothers, or Muslim Brotherhood (Al-Ikhwan al-Muslimun in Arabic), forcing the site offline despite its use of CloudFlare’s DDoS protection service. The hacker also ran DDoS attacks against the official website of the Freedom and Justice Party, an Egyptian political party affiliated with the Muslim Brotherhood. That’s not all: the attacker also managed to bypass the site’s security and extract Al-Ikhwan al-Muslimun’s files from its database, leaking them online for public access. On examining the leaked data, HackRead found it to be genuine and not previously leaked on the internet. The dump contains IP addresses, email conversations, comments, and commenters’ names and IP addresses. It appears the hacker only compromised some tables of the database without getting hold of more sensitive data. The practical harm is to the commenters: a name paired with an IP address can be geolocated to a city and, with the provider’s cooperation, tied to a subscriber. At the moment the motive behind the attacks is unclear, but going through the attacker’s profile it is evident that they have been targeting the Muslim Brotherhood, the Council on American-Islamic Relations (CAIR) and similar organisations. Source: https://www.hackread.com/muslim-brotherhoods-website-suffers-ddos-attacks/

More here:
Muslim Brotherhood’s Website Suffers DDoS Attacks and Data Leak

Businesses receive another warning over the threat of DDoS attacks

We have all heard the stories of businesses that have suffered debilitating DDoS attacks and, in some cases, succumbed altogether. Take Code Spaces, the web-based SVN and Git hosting provider: in June 2014 a DDoS attack was the opening move of an extortion attempt in which the attacker also gained access to the company’s AWS control panel and deleted data and backups, and the firm waved the white flag and ceased trading because recovering what was lost would have cost too much. Now, new research from A10 Networks argues businesses face ‘sudden death’ from DDoS if caught unawares. Companies were hit by an average of 15 DDoS attacks per year, according to the survey of 120 IT decision makers, with larger organisations more badly affected. One in three (33%) respondents said they had encountered DDoS attacks of more than 40 Gbps, while one in five had suffered downtime of more than 36 hours due to an attack. The average attack among those polled lasted 17 hours. More than half (54%) said they would increase their DDoS budgets in the coming six months, while multi-vector attacks were seen by the majority (77%) as the most dangerous form of DDoS threat in the future. “DDoS attacks are called ‘sudden death’ for good reason. If left unaddressed, the costs will include business, time to service restoration and a decline in customer satisfaction,” said A10 Networks CTO Raj Jalan. He added: “The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.” Previous research has examined the growing sophistication of DDoS threats. In April, Neustar argued that DDoS issues were “unrelenting”, with more than seven in 10 global brands polled having been subject to an attack. Source: http://www.appstechnews.com/news/2016/jun/16/businesses-receive-another-warning-over-threat-ddos-attacks/

Continue reading here:
Businesses receive another warning over the threat of DDoS attacks

DDoS defenses have been backsliding but starting a turnaround

Distributed denial-of-service attacks have been getting bigger and lasting longer, and for the past few years defenses haven’t kept pace, but that seems to be changing, Gartner analysts explained at the firm’s Security and Risk Management Summit. Gartner tracks the progress of new technologies as they pass through five stages, from the trigger that gets them started to the final stage where they mature and are productive; the continuum is known as the Hype Cycle. DDoS defense had reached the so-called Plateau of Productivity, the final stage, in 2012, but has since moved backwards in the Hype Cycle into the previous stage, the Slope of Enlightenment, says Gartner analyst Lawrence Orans. That fall, DDoS attacks 10 times as large as any then seen hit Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank, using botnets of compromised servers to generate high volumes of traffic not only against HTTP and HTTPS but against DNS as well, and across TCP, UDP and ICMP. That was followed in 2013 by NTP amplification attacks: the attacker sends small requests to open Network Time Protocol servers with the source address forged to be the victim’s, and the servers’ much larger responses swamp the victim’s network. “That set DDoS back on its heels,” Orans says. But security vendors and service providers that offer DDoS protection have caught up, and Gartner’s Hype Cycle rating for DDoS defenses will shift back toward the maturity end of the scale, he says. That’s encouraging because the number of DDoS attacks from the first quarter of 2015 to the first quarter of 2016 more than doubled, according to Akamai’s latest State of the Internet Security report, and mega attacks hit hundreds of gigabits per second. Attacks of 300Gbps and above can be handled by leading DDoS vendors, Orans says, and given the ready availability of DDoS attack kits it’s important for corporations to pay for this type of protection. 
Competition among DDoS mitigation providers is increasing, so prices have dropped, he says. Flat monthly fees were the norm for DDoS protection services, but more flexible plans now exist. Protection can come in three models (dedicated scrubbing providers, ISPs and CDNs), with web application firewalls as a complement. Providers sell access to scrubbing centers, where traffic during a DDoS attack is redirected to the provider’s network, attack traffic is dropped and only clean traffic is returned to the customer network. This can cost $5,000 per month and up. Providers he mentioned: Akamai, Arbor, F5, Neustar, Nexusguard, Radware and Verisign. Some ISPs offer this type of service at a 15% to 20% premium over bandwidth costs, he says. Some ISPs are better at it than others, so customers should check them carefully, particularly newer and regional ones. Many businesses have multiple ISPs, so they should do the math to see whether this option makes sense, he says. ISPs he mentions: AT&T, CenturyLink, Level 3 and Verizon. Content-delivery networks can also help mitigate DDoS attacks by virtue of their architecture, he says. CDNs distribute customer web content around the world so it’s as close as possible to end users; that distribution makes it harder for attackers to find the right servers to hit and diffuses their capability. This option isn’t for everyone: it’s not as effective as the others and doesn’t make sense unless a business needs a CDN anyway to boost response time. Web application firewalls can help mitigate those DDoS attacks that seek to disrupt use of web applications. They can be deployed on premises with gear owned by the customer, but internet-hosted and cloud-based WAF services are emerging, Orans says; cloud-based WAF is the fastest-growing option, particularly for mobile applications that must be deployed quickly. Source: http://www.networkworld.com/article/3083797/security/gartner-ddos-defenses-have-been-backsliding-but-starting-a-turnaround.html

See the original article here:
DDoS defenses have been backsliding but starting a turnaround

Companies suffer an average of 15 DDoS attacks per year

The average company suffers 15 DDoS attacks per year, with the average attack causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to A10 Networks. As DDoS attacks become more popular, they are also growing harder to defend against. While the average peak bandwidth of attacks was a staggering 30-40 gigabits per second (Gbps), 59 percent of organizations have experienced an attack over 40 Gbps. A majority of respondents (77%) also expect …

Read More:
Companies suffer an average of 15 DDoS attacks per year

DNS attacks cost businesses more than $1 million a year

New research has revealed that DNS attacks are costing businesses more than $1 million a year in lost business and service downtime. For years DNS has silently and reliably served the internet’s needs, but it has mostly been thought of as a trivial protocol requiring very basic configuration and monitoring, and despite its criticality it has never really been treated as a security concern. While DNS may have appeared safe and secure for the last twenty years, its complexity and evolving role in the IT industry have made it a powerful attack vector, with 91% of malware using the DNS protocol. According to the new study from IDC and EfficientIP, the three DNS attacks with the largest impact on an organisation are distributed denial-of-service (DDoS) attacks, zero-day vulnerabilities and data exfiltration. These types of attack are the main causes of business outage and data theft. But despite 74% of respondents having been victims of DNS attacks, 25% of businesses still aren’t implementing any kind of basic security software. EfficientIP’s experts warn that existing DNS defences are outdated and no longer work. Until now, the approach to IT security has downplayed the risk of DNS threats, bundling them in with a wide selection of different network threats that can be protected against using traditional security tools and techniques. That approach overcomplicates architectures and adds slow and inappropriate layers of defence. While firewalls provide basic protection, on their own they are not designed to absorb high-bandwidth DDoS attacks (the majority of DDoS attacks are now over 1Gbps) or to detect DNS tunnelling attempts, and most businesses still rely on the out-of-the-box, unhardened DNS servers shipped with Windows or Linux. 
‘The report has highlighted that despite the massive increase in cyber attacks, companies and their IT departments still don’t fully appreciate the risks from DNS-based attacks,’ said David Williamson, EfficientIP CEO. ‘In just under two years GDPR will come into effect and companies will be held responsible for all security breaches and could face major fines. It’s crucial for all businesses to start taking DNS security seriously.’ Source: http://www.information-age.com/technology/security/123461604/dns-attacks-cost-businesses-more-1-million-year-study
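The passage above says firewalls are not built to spot DNS tunnelling. The following is an added example, not code from the article or from the IDC/EfficientIP study, of the kind of heuristic a resolver log pipeline can apply: a tunnel or exfiltration tool has to encode its data in query names, so under one registered domain you see many never-repeated, long, high-entropy labels, often with TXT or NULL query types, while normal traffic repeats a handful of short labels. The log lines, client addresses and domains are constructed for the example, and the two-label “registered domain” split is a simplification (use the Public Suffix List in production so that names under co.uk and similar are grouped correctly).

```python
"""DNS-tunnelling heuristics over a resolver query log.

Under a tunnel's domain the leftmost label is the payload: long, never
repeated, close to uniformly random. Normal zones repeat a few short
labels (www, mail, cdn). Scoring per registered domain catches both
tunnels and bulk exfiltration, and it is the check a plain firewall
cannot do because every query looks like a well-formed DNS packet.

Log format, hosts and domains are constructed for this example.
"""
import math
from collections import defaultdict

# Record types that carry arbitrary data back to the client and are the
# usual choice for tunnels; A-record-only tunnels exist, so this is one
# signal among several rather than a requirement.
DATA_QTYPES = {"TXT", "NULL"}

# Constructed sample: "<client> <qname> <qtype>". The tunnel labels are
# rotations of the base32 alphabet, i.e. 32 distinct characters each.
SAMPLE_QUERIES = """\
10.0.0.12 www.example.com A
10.0.0.12 cdn.example.com A
10.0.0.15 mail.example.com MX
10.0.0.15 www.example.com A
10.0.0.15 example.com A
10.0.0.23 abcdefghijklmnopqrstuvwxyz234567.t.example.org TXT
10.0.0.23 bcdefghijklmnopqrstuvwxyz234567a.t.example.org TXT
10.0.0.23 cdefghijklmnopqrstuvwxyz234567ab.t.example.org TXT
10.0.0.23 defghijklmnopqrstuvwxyz234567abc.t.example.org TXT
10.0.0.23 efghijklmnopqrstuvwxyz234567abcd.t.example.org NULL
10.0.0.23 fghijklmnopqrstuvwxyz234567abcde.t.example.org TXT
"""


def shannon_entropy(s):
    """Bits per character of the string; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Simplified: last two labels. Replace with a Public Suffix List lookup in production."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def find_tunnel_domains(lines, min_unique=4, min_mean_len=20, min_mean_entropy=3.5):
    """Return {registered_domain: stats} for domains whose subdomain labels look
    like encoded payload: many distinct labels, long, and high-entropy."""
    per = defaultdict(lambda: {"queries": 0, "labels": set(), "data_qtypes": 0})
    for line in lines:
        if not line.strip():
            continue
        _client, qname, qtype = line.split()
        st = per[registered_domain(qname)]
        st["queries"] += 1
        if qtype.upper() in DATA_QTYPES:
            st["data_qtypes"] += 1
        labels = qname.rstrip(".").split(".")
        if len(labels) > 2:  # only subdomain labels can carry attacker-chosen data
            st["labels"].add(labels[0].lower())

    flagged = {}
    for domain, st in per.items():
        labels = st["labels"]
        if not labels:
            continue
        mean_len = sum(map(len, labels)) / len(labels)
        mean_ent = sum(map(shannon_entropy, labels)) / len(labels)
        if (len(labels) >= min_unique and mean_len >= min_mean_len
                and mean_ent >= min_mean_entropy):
            flagged[domain] = {
                "queries": st["queries"],
                "unique_labels": len(labels),
                "mean_label_len": mean_len,
                "mean_entropy": round(mean_ent, 2),
                "data_qtype_ratio": st["data_qtypes"] / st["queries"],
            }
    return flagged


if __name__ == "__main__":
    for domain, stats in find_tunnel_domains(SAMPLE_QUERIES.splitlines()).items():
        print(f"possible DNS tunnel under {domain}: {stats}")
```

Thresholds are deliberately exposed as parameters: CDNs and some anti-spam services legitimately generate long hashed labels, so in practice you tune on your own resolver logs and whitelist those zones rather than lowering the entropy bar. Per-client query volume to a flagged domain is the natural next column to add, since a tunnel carrying real traffic also produces far more queries than a browser ever would.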

View article:
DNS attacks cost businesses more than $1 million a year

Anonymous take down South African State Broadcasting Corp Website Over News Censorship

Anonymous DDoS South African State Broadcasting Corporation website; SABC says Anonymous hackers are cowards. The online hacktivist group Anonymous has taken offence at news censorship in South Africa. An Anonymous-affiliated group yesterday brought down the SABC website to protest against rising censorship in the country. The South African Broadcasting Corporation (SABC), the country’s state broadcaster, has confirmed that its websites were attacked on Sunday. A Twitter account belonging to a hacktivist group dubbed Anonymous Africa claimed responsibility for the downtime. The group directed DDoS attacks at the websites of SABC’s main TV channel and of the 5FM and SAFM radio stations. The attacks began at noon on Sunday and stopped four hours later, having brought down all web-related services. The group announced its intention to carry out the attacks on Twitter on the night between Saturday and Sunday, about nine hours before they started. In a series of tweets on Sunday, Anonymous Africa said it was carrying out the attack in light of allegations of censorship at the SABC. SABC chief operating officer Hlaudi Motsoeneng has barred the broadcaster from showing the burning of public property, in a move to discourage vandalism, and has also driven a controversial ‘good news’ policy. The censorship charges arose after anti-government protests in South Africa turned violent; it was after these protests that SABC took its decision and urged private TV stations to stand in solidarity. In statements to South African tech news site Fin24, an SABC representative called the attackers “cowards” for attacking a “national key point”. Meanwhile Anonymous Africa, which claims links to the global hacktivist group Anonymous, has promised more cyberattacks against the SABC. “We will stop the attacks at SABC (for now) at 4pm. We are not done yet, lots of action coming. Things are going to get wild!” the group tweeted on Sunday. Source: http://www.techworm.net/2016/06/anonymous-take-south-african-state-broadcasting-corp-website-news-censorship.html

More:
Anonymous take down South African State Broadcasting Corp Website Over News Censorship

Defending against DDoS-Day

It was tax time in Australia, 2014, and one Sydney tax agent, like many others across the country, was all hands on deck as staff took endless calls and filled appointment diaries. The frantic pace was welcomed at the young firm, which prided itself on being hip, casual and cool. Its slick, mobile-friendly website and a good search engine ranking brought a decent rush of new clients each year. So when the site went on- and offline over the course of a week, the phones stopped ringing and staff panicked. The firm was on the receiving end of a distributed denial-of-service (DDoS) attack from IP addresses in Eastern Europe that overwhelmed its small-business IT infrastructure. An email to the company’s generic inbox demanded that US$1,000 be wired to a Western Union account for the attacks to stop. “We called our tech guys and they tried to block it,” a senior tax accountant told CRN on condition of anonymity. “We called the cops, but no-one could fix it quickly enough so we paid.” The price was cheap compared to the damage wrought, and fears that the criminals would simply ask for more once the ransom was paid proved unfounded: the attacks stopped abruptly and no more was heard from them.

Booters and stressers

When a dam threatens to breach, it helps to have a network of diversion channels where the water can flow away from the towns below. So it is that a wave of DDoS packets can be soaked up by throwing large networks in front of the target. The floods are becoming more common, and their nature is changing to something more efficient and dangerous than in previous years. Akamai’s latest State of the Internet report, covering the last quarter of 2015, finds a 149 percent increase in total DDoS attacks and a 169 percent increase in infrastructure-layer attacks over the same period in 2014. The “vast majority” of these attacks came from so-called booter or stresser providers, the DDoS-for-hire services that operate behind a gossamer-thin veil of legitimacy for customers who pay hourly to monthly rates to point attacks at their own infrastructure. Of course, many who use the services point the booters at rival businesses, governments and, notably, live-stream gaming channels operated by rivals. These attacks have “increased dramatically”, Akamai says, compared to the preceding three months, with use of the Network Time Protocol (NTP) amplification attacks that power the booters up 57 percent on the previous quarter. Such attacks abuse NTP servers: a small query sent with the victim’s forged source address draws a much larger response, which the server delivers to the victim. “Network Time Protocol amplification attacks have been used in large-scale DDoS attacks peaking shy of 400Gbps, but DNS amplification attacks have also been successfully used to cripple infrastructure and cause serious financial losses,” BitDefender senior threat analyst Adrian Liviu Arsene says. “One of the largest DDoS attacks to date was reported to have reached around 500Gbps, although the standard is somewhere around 100Gbps.”

Motive and intent

Distributed denial-of-service is the second most likely digital attack to be familiar to the average pedestrian, after viruses. The method hit mainstream headlines some six years ago, when online activist group Anonymous brought down major websites including PayPal, the Recording Industry Association of America and the sites of Canberra public agencies. Systematic arrests followed, bursting the bubble of those participants who thought safety in numbers would shield their IP addresses from being singled out by police. It signalled a fall in the popularity of DDoS as a means of protest. The criminal undercurrent remains and here cash is king, but motivations still vary. Businesses use DDoS attacks to knock off rivals, and criminals to send sites offline until a ransom is paid. Yet others use the digital flood as a diversion to distract security defenders and set off alarms while they hack into back-end systems. One group known as DDoS for Bitcoin, or DD4BC, uses the pseudonymity of the crypto-currency to extort companies through DDoS. It is a safer model for criminals than the one that ripped through the Sydney tax accountancy, and considerably more expensive for victims. As of January it was known to have hit more than 150 companies around the world, first sending an extortion note demanding between AU$5,600 and a whopping AU$112,000 in bitcoin before launching small DDoS attacks to demonstrate the group’s capabilities. For some victims the DDoS may be short-lived and devoid of any apparent motive, according to Verizon Enterprise Solutions investigative response managing principal Ashish Thapar. “We have definitely seen DDoS on the rise and several of our partners are logging double the [usual] number of incidents,” Thapar says. “We are also seeing DDoS attacks bringing companies to their knees but not entirely offline, which acts as a smokescreen for advanced persistent threat attacks at the back end.” That’s also something Secure Logic chief executive officer Santosh Devaraj has seen. The company hosts iVote, the electronic voting system for NSW, and last year bagged the $990,000 contract to operate it until 2020. “There are ‘DDoS for hire’ groups we’ve seen as part of monitoring iVote that may be trying to gain access to infrastructure at the back,” Devaraj says. “The real threat may not be the DDoS.”

DDoS down under

Australian businesses are less targeted than those overseas, experts agree, thanks in part to the country’s smaller internet pipes. But with the NBN rolling out, DDoS down under is expected to become big. The midmarket is likely to be hit harder, BitDefender’s Arsene says. “Midmarket DDoS attacks are likely to rise as the chances of targets actually paying are higher than for other organisations,” he says. “[Criminals] specifically target midmarket companies that don’t have the technical resources to fend off such attacks.” Akamai chief strategist John Ellis agrees, saying extortionists “tend to hit the sites with a large online presence”. “For cyber adversaries, the [midmarket] provides a fantastic target,” Ellis adds. “A Sydney developer team that relies heavily on online app availability, for example, may have to seriously consider whether it rolls over and pays DDoS extortionists.” The attacks in Australia are, for now, fairly small. “We are seeing bigger DDoS attacks, but they’re nowhere near the size of attacks in the US,” says Melbourne IT cloud and mobile solutions general manager Peter Wright. “It is partly because infrastructure and bandwidth limitations reduce the size of DDoS attacks. It is an attribute of infrastructure capacity and there is a risk that, as we broaden the pipes [as part of the National Broadband Network], it brings huge benefits but increases the risk profile as well.”

Sinking feeling

Big banks are smashed by DDoS attacks every day and largely do not bat an eyelid. Online gambling companies across Australia, too, are blasted during big sporting events. These top-end-of-town players have expensive, tried-and-tested scrubbing mechanisms that largely neuter DDoS attacks, although some betting agencies are known to have regularly paid off attackers during the Melbourne Cup, treating it as a cost of doing business. The midmarket is not left to its own devices, however. Hosting providers like Melbourne IT and others offer DDoS protection for applications and services, while other companies have cheaper offerings for the budget market. “I am sympathetic to the midmarket, their need for bang-for-buck,” Ellis says. “The challenge for the midmarket is that they don’t have the money that they need… they should focus on business outcomes and partners who understand their business and design outcomes.” For Secure Logic’s Devaraj, DDoS mitigation comes down to a solid cyber security operations centre. “It is where I believe the industry should invest, rather than a particular technology.” Yet companies can use free or cheap DDoS protection from the likes of CloudFlare, or opt for do-it-yourself options that require hardening of security defences, something the average small technology shop may lack the ability to do. “There are DDoS sinkholes and capabilities with our cloud partners,” Wright says. “If a resource or function is hit, we can move workloads to other resources dynamically.” Arsene agrees. “Midmarket tech guys need to start by incorporating DDoS attack risks into their corporate security strategies. Using a secure and managed DNS that supports changing internet protocols on the fly is also recommended, as well as patching software vulnerabilities to mitigate application layer attacks.” Source: http://www.crn.com.au/feature/defending-against-ddos-day-419470/page1 http://www.crn.com.au/feature/defending-against-ddos-day-419470/page2
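The NTP amplification mechanism described in this feature, and in the Gartner piece earlier on this page, looks the same in flow telemetry whether you are the victim or the reflector being abused, and a midmarket shop with nothing but NetFlow or sFlow from its edge router can catch both. The following is an added example, not code from either article; it runs both checks over constructed NetFlow-style records (every address, port and byte count is invented for the example, and the flow line format is the example’s own). A victim receives large UDP packets from many distinct “servers” whose source port is a reflector service it never queried; an abused reflector of yours sends large UDP packets from such a port to many distinct destinations, because the attacker forged each victim’s address in the requests.

```python
"""Reflection/amplification DDoS seen from flow records (NetFlow-style).

The same abuse has two faces, and you want to catch both:
  * victim side: one destination is hammered with large UDP packets whose
    SOURCE port is a reflector service (NTP 123, DNS 53, SSDP 1900, ...)
    from many distinct servers it never queried;
  * reflector side: one of YOUR servers answers from such a port to many
    distinct destinations with large packets, i.e. it is being used to
    attack someone else.

Flow format and all addresses are constructed for this example.
"""
from collections import defaultdict

# UDP services historically abused as reflectors, keyed by source port.
REFLECTOR_PORTS = {19: "chargen", 53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}


def parse_flows(lines):
    """One flow per line: '<src> <sport> <dst> <dport> <proto> <packets> <bytes>'."""
    flows = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        src, sport, dst, dport, proto, pkts, nbytes = line.split()
        flows.append({"src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
                      "proto": proto.lower(), "packets": int(pkts), "bytes": int(nbytes)})
    return flows


def _reflected(flow):
    return flow["proto"] == "udp" and flow["sport"] in REFLECTOR_PORTS


def _summarise(flows, peer_key):
    """Aggregate a group of reflector-port flows sharing one endpoint."""
    pkts = sum(f["packets"] for f in flows)
    total = sum(f["bytes"] for f in flows)
    return {
        "peers": len({f[peer_key] for f in flows}),
        "bytes": total,
        "avg_pkt_bytes": total / pkts,
        "services": sorted({REFLECTOR_PORTS[f["sport"]] for f in flows}),
    }


def find_amplification_victims(flows, min_peers=20, min_avg_bytes=300):
    """Destinations receiving reflector-port UDP from >= min_peers distinct sources
    with a large mean packet size. Genuine NTP/DNS answers to one host are small
    and come from a handful of servers, so both conditions together are the tell."""
    by_dst = defaultdict(list)
    for f in flows:
        if _reflected(f):
            by_dst[f["dst"]].append(f)
    return {dst: s for dst, fs in by_dst.items()
            for s in [_summarise(fs, "src")]
            if s["peers"] >= min_peers and s["avg_pkt_bytes"] >= min_avg_bytes}


def find_abused_reflectors(flows, min_peers=20, min_avg_bytes=300):
    """Our own hosts emitting reflector-port UDP to >= min_peers distinct destinations
    with large packets: the responses an attacker is harvesting against someone else."""
    by_src = defaultdict(list)
    for f in flows:
        if _reflected(f):
            by_src[f["src"]].append(f)
    return {src: s for src, fs in by_src.items()
            for s in [_summarise(fs, "dst")]
            if s["peers"] >= min_peers and s["avg_pkt_bytes"] >= min_avg_bytes}


def sample_flows():
    """Constructed: 40 NTP reflectors flooding 203.0.113.10, our NTP server
    192.0.2.123 being milked towards 50 targets, plus one ordinary DNS answer."""
    lines = ["192.0.2.53 53 10.0.0.5 51234 udp 1 120"]
    for i in range(1, 41):
        lines.append(f"198.51.100.{i} 123 203.0.113.10 40000 udp 100 48200")
    for i in range(1, 51):
        lines.append(f"192.0.2.123 123 203.0.113.{100 + i} 40000 udp 100 48200")
    return parse_flows(lines)


if __name__ == "__main__":
    flows = sample_flows()
    print("amplification victims:", find_amplification_victims(flows))
    print("abused reflectors:", find_abused_reflectors(flows))
```

If the request flows are in the same telemetry, the ratio of response bytes to request bytes per reflector gives the amplification factor directly. On the reflector side the fix is configuration rather than detection: turn off the monlist query on ntpd (`disable monitor`, or `restrict default noquery`), close open recursion on DNS resolvers, and apply BCP 38 ingress filtering at your edge so that packets with forged source addresses never leave your network in the first place.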

Read the original post:
Defending against DDoS-Day