Monthly Archives: September 2016

DDoS Attacks Up by 75 Percent in Q2 2016

The largest attack detected in the second quarter peaked at 256 Gbps, according to Verisign.

According to the Verisign DDoS Trends Report for the second quarter of 2016, the number of distributed denial of service (DDoS) attacks increased by 75 percent year over year. The average peak attack size in the second quarter was 17.37 Gbps, an increase of 214 percent over Q2 2015. Fully 75 percent of attacks peaked over 1 Gbps, and 32 percent exceeded 10 Gbps. The largest and fastest DDoS attack detected by Verisign in Q2 2016 peaked at 256 Gbps for about 15 minutes before settling in at more than 200 Gbps for almost two hours. Sixty-four percent of DDoS attacks detected in Q2 2016 employed multiple attack types, indicating that DDoS attacks continue to increase in complexity. Forty-five percent of DDoS attacks targeted the IT services industry, followed by financial services (23 percent) and the public sector (14 percent).

The Kaspersky DDoS Intelligence Report for Q2 2016 found that 77.4 percent of resources targeted by DDoS attacks were located in China. The three most targeted countries for Q2 2016 were China, South Korea and the U.S. While most attacks lasted no more than four hours, 8.6 percent lasted 20-49 hours, and 4 percent lasted 50-99 hours. The longest DDoS attack in Q2 2016 lasted for 291 hours (12.1 days), a significant increase over the previous quarter’s maximum of 8.2 days. Over 70 percent of all attacks detected by Kaspersky in Q2 2016 were launched from Linux botnets, almost twice the number for the previous quarter. Just under 70 percent of all command and control (C&C) servers were located in South Korea, followed by China (8.1 percent), the U.S. (7.1 percent), Russia (4.5 percent) and Brazil (2.3 percent).

And the Nexusguard Q2 2016 Threat Report states that the number of DDoS attacks increased by 83 percent to more than 182,900 attacks in the second quarter. The most targeted countries seen by Nexusguard were Russia, the U.S. and China.
“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” Nexusguard chief scientist Terrence Gareau said in a statement. “Organizations can expect cyber attacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the U.S.”

“The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure,” Gareau added.

Source: http://www.esecurityplanet.com/network-security/ddos-attacks-up-by-75-percent-in-q2-2016.html

See the original article here:
DDoS Attacks Up by 75 Percent in Q2 2016

Meet DDoSaaS: Distributed Denial of Service-as-a-Service

Cracking the grey market in rent-a-borkers

Analysis: It’s not often an entirely new and thriving sector of the “digital economy” – one hitherto unmentioned by the popular press – floats to the surface of the lake in broad daylight, waving a tentacle at us.…

View original post here:
Meet DDoSaaS: Distributed Denial of Service-as-a-Service

Israeli Pentagon DDoSers explain their work, get busted by FBI

There’s not much more than fine print between stress testing and DDoS-as-a-service

Two Israeli men have been arrested for running a distributed-denial-of-service-as-a-service site, after one seemingly claimed to attack the Pentagon.…

Read the original:
Israeli Pentagon DDoSers explain their work, get busted by FBI

Linode fends off multiple DDOS attacks

Nowhere near as bad as its ten-day Christmas cracker, but something seems to be afoot

Cloud hosting outfit Linode has again come under significant denial of service (DoS) attack.…

View original post here:
Linode fends off multiple DDOS attacks

Hack reveals the inner workings of shady DDoS service vDOS

A web service that helped customers carry out distributed denial-of-service (DDoS) attacks on unsuspecting victims has been hacked, revealing data on the customers that availed of this clandestine service.

According to security journalist Brian Krebs, vDOS was hacked recently and he obtained a copy of the leaked data in July. Upon scrutinizing the database, he claims that vDOS is being run by two Israeli cybercriminals under the pseudonyms of P1st or P1st0 and AppleJ4ck, with associates in the United States. vDOS allegedly offered monthly subscriptions to DDoS attack services, paid in bitcoin or even through PayPal, with the prices based on how long the attack would last. These DDoS attacks would launch fake traffic at victim websites, overwhelming their servers and knocking the sites offline. A particularly strong DDoS attack could cripple a site for days.

“And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic,” Krebs said in his analysis. He added that he believes vDOS was handling hundreds or even thousands of concurrent attacks a day. Krebs’ analysis is based on data from April to July. Apparently all other attack data going back to the service’s founding in 2012 has been wiped away.

Krebs’ source for info on the hack was allegedly able to exploit a hole in vDOS that allowed him to access its database and configuration files. It also allowed him to trace the route of the service’s DDoS attacks to four servers in Bulgaria. Among the data dump were service complaint tickets where customers could file issues they had with the DDoS attacks they purchased. Interestingly, the tickets show that the owners of vDOS declined to carry out attacks on Israeli sites to avoid drawing attention to themselves in their native land. The duo supposedly made $618,000, according to payment records dating back to 2014 in the data dump.
“vDOS does not currently accept PayPal payments. But for several years until recently it did, and records show the proprietors of the attack service worked assiduously to launder payments for the service through a round-robin chain of PayPal accounts,” Krebs said. The operators of the DDoS service are believed to have enlisted the help of members from the message board Hackforums in laundering the money.

Krebs warned that services like vDOS are worrisome because they make cybercrime tools available to pretty much anyone willing to pay. In some cases, vDOS offered subscriptions as low as $19.99. These sorts of tools, also known as booter services, can be used ethically for testing how your site holds up against large swathes of traffic, but in the wrong hands they can be abused and sold very easily.

“The scale of vDOS is certainly stunning, but not its novelty or sophistication,” Ofer Gayer of security firm Imperva said, but added that this new widespread attention on DDoS services might stall them for a while.

Source: https://sports.yahoo.com/news/hack-reveals-inner-workings-shady-180952571.html

View article:
Hack reveals the inner workings of shady DDoS service vDOS

DDoS Extortionist Copycats Continue To Hound Victims

It has been a while since I wrote about this subject (or about anything at all for that matter) but it occurred to me today that the distributed denial of service (DDoS) extortionist issue is a problem that needs to be talked about again.

Over the last couple of years a lot of websites have come under attack from miscreants armed with all manner of distributed denial of service platforms and tools. Often these attackers would first launch an attack and then contact the victim company to say “check your logs to see we’re for real”. Once their bona fides were established they would then demand a sum of money to be paid in bitcoin or suffer the “wrath” of their DDoS attack, which more often than not was severely oversold.

There have been examples of criminal outfits like DD4BC who were true to their word when they made a threat. They would in fact follow through on their threat of an attack. This came to an unceremonious end a year ago when one of the main ne’er-do-wells was arrested by Europol.

More often than not, however, these extortion gangs turn out to be little more than confidence tricksters. One such example was the Armada Collective. This was a criminal outfit that did little more than threaten targets but, with one lone exception, never followed through on the threats they made. Mind you, they did end up making a tidy sum of money from their victims. What this did accomplish was to set a precedent that has given rise to the copycat attackers.

A prime example of this was an email that I received from a friend. His organization was threatened by a copycat group that was masquerading as the Armada Collective, basically using the name as a hex sign: a brand name that could be used to possibly intimidate an organization. Here is a redacted version of the email that he provided to me.

From: Armada Collective
Sent:
Subject: ATTENTION: Ransom request!!!

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!
We are Armada Collective. All your servers will be DDoS-ed starting Wednesday (Jun 29 2016) if you don’t pay 5 Bitcoins @ [Bitcoin wallet address redacted] When we say all, we mean all – users will not be able to access sites host with you at all. If you don’t pay by Wednesday, attack will start, price to stop will increase by 5 BTC for every day of attack. If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time. This is not a joke. Our attacks are extremely powerful – sometimes over 1 Tbps per second. So, no cheap protection will help. Prevent it all with just 5 BTC @ [Bitcoin wallet address redacted] Do not reply, we will probably not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US! Bitcoin is anonymous, nobody will ever know you cooperated.

While people might not be aware that an organization had in fact cooperated, as per their email, they would be setting a horrible example. The more that companies pay extortionists like this, the more emboldened the criminals become. This could potentially become a lucrative endeavor for the criminals. At the time of this writing 1 bitcoin was valued at roughly $628 USD. At a bare minimum of 5 bitcoin per email, as above, they would be raking in at least $3000 USD for each successful attack. Not bad for the cost of an email.

If you are the recipient of an email like this, seek help to protect your enterprise. Do not feel compelled to pay the attackers. You have no guarantees that they won’t return.

Source: http://www.forbes.com/sites/davelewis/2016/09/08/ddos-extortionist-copycats-continues-to-hound-victims/#2c6d7a7b4d06

Read this article:
DDoS Extortionist Copycats Continue To Hound Victims

Group claiming to be the Armada Collective threatens DDoS attack

Cybercriminals claiming to be the Armada Collective have sent out extortion emails threatening independent and small businesses with DDoS attacks.

A group of cybercriminals which claims to be the infamous Armada Collective is threatening independent and small business websites worldwide with a huge Distributed Denial of Service (DDoS) attack, should they fail to pay the bitcoin ransoms requested by email. It is still unclear if these cybercriminals are the real deal or are just pretending to be, to scare possible victims into paying a ransom to prevent a DDoS attack that could threaten their businesses. The actual Armada Collective gained infamy last year after extorting money from a number of Swiss firms, several Thai banks and even ProtonMail, which provides encrypted webmail.

The emails sent out to businesses around the globe inform users that their security is poor and that the group will launch a DDoS attack on their networks using the Cerber ransomware and anywhere from 10-300 Gigabytes per second (Gbps) of attack power. However, anyone who received an email from the group can prevent the attack by paying one bitcoin, which is equivalent to $606. If the ransom is not paid before they attack though, the price will go up significantly, to 20 bitcoins, to put an end to the DDoS attacks. The group has also been kind enough to provide users who are unfamiliar with bitcoin all the information necessary on how to download a personal bitcoin wallet such as Multibit or Xapo. They are also informed on how to set up a bitcoin wallet of their choosing online.

It is quite possible that the group’s email demands could be fake, and any user who received the email should contact their local authorities, but under no circumstance should they pay the ransom.

Source: http://www.itproportal.com/news/group-claiming-to-be-the-armada-collective-threatens-ddos-attacks/

Taken from:
Group claiming to be the Armada Collective threatens DDoS attack

Mirai Linux Trojan corrals IoT devices into DDoS botnets

Mirai, a newly discovered and still poorly detected piece of Linux malware, is being used to rope IoT devices into DDoS botnets. Researchers from MalwareMustDie have recently gotten their hands on several variants of the threat, and have discovered the following things:

It comes in the form of an ELF file (typical for executable files in Unix and Unix-like systems).

It targets mostly routers, DVR or WebIP cameras, Linux servers, and Internet of Things devices.…

Read More:
Mirai Linux Trojan corrals IoT devices into DDoS botnets

Luabot malware used to launch DDoS attacks

A security researcher discovered a Trojan that infects Linux platforms and is used in distributed denial of service (DDoS) attacks. According to MalwareMustDie, the security researcher responsible for the discovery, the malware is written in the Lua programming language (version 5.3.0). The malware, dubbed Linux/Luabot, targets the Linux operating system, used often in web servers and Internet of Things (IoT) devices. The Trojan issues botnet commands to affected systems, MalwareMustDie wrote in a blog post published on Monday.

“There are plenty new ELF malware coming & lurking our network recently & hitting out Linux layer IoT and services badly,” MalwareMustDie wrote in the blog post. The researcher advised security professionals to “watch for unusual hazards for the security of our 24/7 running Linux nodes.”

Last week, security firm Sucuri disclosed vulnerabilities in IoT home routers that were exploited to launch an application-level DDoS attack. The Strider cyberespionage group disclosed by Symantec last month also used modules written in Lua.

Source: http://www.scmagazine.com/luabot-malware-used-to-launch-ddos-attacks/article/520814/

View article:
Luabot malware used to launch DDoS attacks

‘World Of Warcraft: Legion’ Goes Down As Blizzard Servers Hit With DDoS

To commemorate the launch of the latest World of Warcraft expansion, Legion, Blizzard’s servers were taken down by a DDoS (distributed denial of service) attack on Wednesday. This came a day late, as the expansion actually launched on Tuesday. But when it comes to ruining other people’s fun, better late than never. This lined up with a similar attack that brought down the Battlefield 1 open beta for most of the day yesterday, as EA’s servers were hit.

The Blizzard attack began in Europe, then spread across the globe. It didn’t just take down Legion. Other games, like Overwatch, were also impacted. This was the second major DDoS attack against Blizzard in August. The last attack hit early in the month, and was apparently retaliation for Blizzard’s banning of cheaters. How classy. Part of a game developer’s job is to keep legit players around, and a big part of that in multiplayer games is protecting honest players from cheaters. Retaliating against a company for doing its job is absurd.

As of now, Blizzard’s servers appear to be working again.

Source: http://www.forbes.com/sites/erikkain/2016/09/01/world-of-warcraft-legion-goes-down-as-blizzard-servers-hit-with-ddos/#6bfb43ed3778

More:
‘World Of Warcraft: Legion’ Goes Down As Blizzard Servers Hit With DDoS