Tag Archives: ddos news

Group claiming to be the Armada Collective threatens DDoS attack

Cybercriminals claiming to be the Armada Collective have sent out extortion emails threatening independent and small businesses with DDoS attacks. A group of cybercriminals which claim to be the infamous Armada Collective are threatening independent and small business websites worldwide with a huge Distributed Denial of Service (DDoS) attack, should they fail to pay the bitcoin ransoms requested by email. It is still unclear if these cybercriminals are the real deal or are just pretending to be to scare possible victims into paying a ransom to prevent a DDoS attack that could threaten their businesses. The actual Armada Collective gained infamy last year after extorting money from a number of Swiss firms, several Thai banks and even ProtonMail which provides encrypted webmail. The emails sent out to businesses around the globe inform users that their security is poor and that the group will launch a DDoS attack on their networks using the Cerber ransomware and anywhere from 10-300 Gigabytes per second (Gbps) of attack power. However, anyone who received and email from the group can prevent the attack by paying one bitcoin which is equivalent to $606. If the ransom is not paid before they attack though, the price will go up significantly to 20 bitcoins to put an end to the DDoS attacks. The group has also been kind enough to provide users who are unfamiliar with bitcoin all the information necessary on how to download a personal bitcoin wallet such as Multibit or Xapo. They are also informed on how to set up a bitcoin wallet of their choosing online. It is quite possible that the group’s email demands could be fake and any user who received the email should contact their local authorities, but under no circumstance should they pay the ransom. Source: http://www.itproportal.com/news/group-claiming-to-be-the-armada-collective-threatens-ddos-attacks/

Taken from:
Group claiming to be the Armada Collective threatens DDoS attack

Rio 2016 Olympics Suffered Sustained 540Gbps DDoS Attacks

Arbor security claims Rio was a success in terms of mitigating powerful, prolonged DDoS attacks Public facing websites belonging to organisations affiliated with the 2016 Rio Olympics were targeted by sustained, sophisticated DDoS attacks reaching up to 540Gbps, according to Arbor Networks. Many of these attacks started months before the Olympic Games had begun, but the security company said that attackers increased their efforts significantly during the games, generating the longest-duration sustained 500Gbps+ DDoS attack Arbor has ever seen. “And nobody noticed,” boasted Arbor’s Security Engineering and Response Team (ASERT). Virtual battlegrounds Just like other public services like electricity and water, the ins and outs of keeping websites up and running should be hidden from the general public, allowing them to go about their business without knowing about the virtual warfare being engaged behind server lines. And in ASERT’s opinion, the Rio Olympic Games “set the bar for rapid, professional, effective DDoS attack mitigation under the most intense scrutiny of any major international event to date”. “Over the last several months, several organizations affiliated with the Olympics have come under large-scale volumetric DDoS attacks ranging from the tens of gigabits/sec up into the hundreds of gigabits/sec,” blogged ASERT. “A large proportion of the attack volume consisted of UDP reflection/amplification attack vectors such as DNS, chargen, ntp, and SSDP, along with direct UDP packet-flooding, SYN-flooding, and application-layer attacks targeting Web and DNS services. “The defenders of the Rio Olympics’ online presence knew they’d have their work cut out for them, and prepared accordingly. “A massive amount of work was performed prior to the start of the games; understanding all the various servers, services, applications, their network access policies, tuning anomaly-detection metrics in Arbor SP, selecting and configuring situationally-appropriate Arbor TMS DDoS countermeasures, coordinating with the Arbor Cloud team for overlay ‘cloud’ DDoS mitigation services, setting up virtual teams with the appropriate operational personnel from the relevant organisations, ensuring network infrastructure and DNS BCPs were properly implemented, defining communications channels and operational procedures. “And that’s why the 2016 DDoS Olympics were an unqualified success for the defenders! Most DDoS attacks succeed simply due to the unpreparedness of the defenders – and this most definitely wasn’t the case in Rio.” However, not all defence tactics worked surrounding the Olympic Games. The Brazilian arm of hacking collective Anonymous was successful in targeting websites that included the official website of the federal government for the 2016 games and the Brazilian Ministry of Sports. Anonymous was also able to leak personal and financial data belonging to Brazilian sports domains such as the Brazilian Confederation of Boxing and the Brazilian Triathlon Confederation. “Hello Rio de Janeiro. We know that many have realized how harmful it was (and still is) the Olympic Games in the city. The media sells the illusion that the whole city celebrates and commemorate the reception of tourists from all over the world, many of them attracted by the prostitution network and drugs at a bargain price. This false happiness hides the blood shed in the suburbs of the city, mainly in the favelas thanks to countless police raids and military under the pretext of a fake war,” stated Anonymous. “Therefore, we will continue with our operations to unmask the numerous arbitrary actions of those who are state and therefore its own population enemies.” Source: http://www.techweekeurope.co.uk/security/rio-olympics-ddos-attacks-196998

Excerpt from:
Rio 2016 Olympics Suffered Sustained 540Gbps DDoS Attacks

Attacks increase as a result of DDoS-for-hire services

DDoS attacks have increased in frequency, scale and complexity over the past year, driven by DDoS-for-hire services, according to a new report. DDoS-for-hire services have caused attacks to become more affordable by enabling unsophisticated threat actors to launch attacks, stated Imperva’s DDoS Threat Landscape Report 2015-2016. The proliferation of these services, also known as “stressers” and “booters,” accounted for an increase in the number of DDoS attacks from 63.8 percent in Q2 2015 to 93 percent in Q1 2016. The U.S. and U.K. are the most frequently targeted countries in DDoS attacks, the report said. In speaking to SCMagazine.com on Thursday, Tim Matthews, vice president of marketing at Imperva Incapsula, said it has become inexpensive to mount DDoS attacks as these kits become “readily available,” creating a “perverse economic ecosystem.” Other security pros have noticed a similar trend. Maxim Goncharov, security researcher at Shape, wrote in an email to SCMagazine.com on Thursday that in the underground community, there are “literally thousands of offers from DDoS professionals.” While a 100-plus GB DDoS attack was virtually unheard of just 18 months ago, attacks of that magnitude are no launched by large scale botnets, according to Tom Kellermann, CEO at Strategic Cyber Ventures. “Mitigation through content delivery and ISP is key here,” wrote Kellermann, formerly CISO of Trend Micro, in an email to SCMagazine.com. Allison Nixon, director of security research at Flashpoint, noted in an email to SCMagazine.com on Thursday that her firm has seen a rise in DDoS-as-a-service in recent years, both in number of services and the power of their attacks. “The problem is that these DDoS services are getting more powerful, and these attacks cause a lot of collateral damage,” she wrote. “Unfortunately, due to the widespread availability of DDoS power, many businesses are learning that purchasing DDoS protection is a requirement to engage in commerce.” Imperva’s Matthews said there has been an uptick in job postings that require technical skills and experience countering these attacks. The rise in DDoS-as-service attacks has become a significant concern for law enforcement, according to William MacArthur, threat intelligence analyst at RiskIQ. The adoption of IPv6 mixed with normal traffic protocol patterns is a method used by attackers that the “current hardware in use in most places of business is not ready to handle,” he wrote in an email to SCMagazine.com on Thursday. Michael Covington, VP product, Wandera, noted that the increase in sophisticated DDoS attacks causes secondary challenges for organizations. “In many situations, a DDoS attack is just a smokescreen for something else the malicious actor is trying to accomplish, whether it involves installing malware, exfiltrating sensitive data or attacking an associate of the target,” he wrote to this publication. Yogesh Amle, managing director and head of software at Union Square Advisors, agreed, noting that DDoS “is one of the most prevalent and common tactics used by cyberterrorists.” However, he also informed this publication that DDoS attacks are increasingly used to distract businesses. He called DDoS the “gateway” to a bigger prize. Amle noted that the rise of the DDoS-as-a-service model is an example of a “dark economy” emerging on the internet. “With money to be made, amateurs and sophisticated hackers are jumping into the fray,” he said. Source: http://www.scmagazine.com/attacks-increase-as-a-result-of-ddos-for-hire-services/article/518544/

Originally posted here:
Attacks increase as a result of DDoS-for-hire services

DDoS Attacks Increase 200%; UK Now Second Most Targeted Nation

DDoS attacks have increased by over 200% in the last year, according to new research from Imperva. The uptick in attacks has been attributed to DDoS-for-hire services, the company said. DDoS attacks are now among the most common cyber threats businesses can face, according to Imperva. Between April 1, 2015 and March 31, 2016 it recorded an average of 445 attacks targeting its customers per week. More than 40% of customers affected were targeted more than once, and 16% were hit more than five times. The majority of attacks noted by Imperva targeted the application layer, making up 60% of all DDoS attacks. The remainder targeted the network layer. However, Imperva noted that the number of application layer attacks are trending downwards, dropping by 5% year over year. If that trend continues, network layer attacks could be just as common as application layer ones before too long. The most recent quarter covered by this report shows a big jump in the size of network layer attacks. The biggest recorded attack was 470 Gbps, while many others exceeded 200 Gbps. Imperva now says attacks of this size are a “regular occurrence.” These increases in DDoS attacks have been attributed to DDoS-for-hire services, where anyone can pay as little as $5 to launch a minute-long DDoS attack on a target of their choice. This means attacks can be launched by just about anyone—whether it’s because of a grudge against a particular company or just boredom. These now account for 93% of DDoS attacks, up from 63.8% in Q2 2015. Imperva says this has directly led to the increase in overall DDoS numbers. Another clue to an increase in DDoS-for-hire services and what Imperva calls “casual offenders” is a decrease in attack complexity. Starting in Q2 2015 the company recorded a decrease in multi-vector attacks; attacks using multiple vectors and payloads indicate a more sophisticated, complex attack. However, Q1 2016 saw an increase in the volume of assaults using five or more payloads. “This countertrend reminds us that—in parallel with the increased “hobbyist” activity—more capable cyber-criminals continue to improve their methods. As per the first rule of the DDoS mitigation industry, attacks continue to get larger and more sophisticated on the high-end of the scale,” the report said . The report also examined where DDoS attacks generally emerge from. Once again, China tops the list, with a sharp increase recorded in South Korea. The excellent broadband infrastructure in the country enables attacks to easily launch effective attacks, Imperva said. The UK is now the world’s second most-attacked country, after the United States of America. Most attacks targeted small and medium businesses, but some bigger institutions, including the BBC and HSBC , were hit as well. Source: http://www.infosecurity-magazine.com/news/ddos-attacks-increase-200/

More:
DDoS Attacks Increase 200%; UK Now Second Most Targeted Nation

Teen hacker walks free after carrying out DDoS attacks on bank and e-crime portal

Australian teenager who DDoSed E-crime website, Commonwealth Bank and his own school, walks free This teen did something and got away with it! Seldom do you see anyone walking away free after creating online mayhem through DDoS attacks but this teen did just that. A 15-year-old teenage hacker was sentenced to a “family conference” by a judge at the Christies Beach Youth Court in Adelaide, Australia after he targeted Australian Cybercrime Online Reporting Network (ACORN) Portal, Commonwealth Bank of Australia, and his own school servers in February 2016. In Australian law, a family conference is when the court leaves the punishment to the family and a supervising youth police officer, who must agree with the punishment in order to consider the matter closed. Family conferences may require the teen to apologize publicly, pay compensation to the victims, perform a number of hours of community service, or more. The youth, who cannot be identified under state law, pleaded guilty to four counts of unauthorised damage of computer systems related to Distributed Denial of Service (DDoS) attacks. However, the very next day, he walked free as the court ordered mediation between his family and victims rather than facing jail time. The teenager was fortunate for not having to face prison time up to 3 years in youth detention under cyber terrorism laws in Australia, as he is not an adult. “The penalty for orchestrating a DDoS attack is a maximum of 10 years imprisonment. This is found in the Cybercrime Act 2001, section 477.3 ‘unauthorised impairment of electronic communication.’” The teenager started his DDoS spree on February 26 when he first attacked CBA that left the bank and some overseas customers unable to access services for more than three hours. The attack “had the potential to cause serious disruption to our services”, says the bank, even though customer money and information was not put at risk. Later in March, he used his mobile phone in March to disrupt his high school’s information technology systems for “fun” and because he was “bored” in computing studies. Later, the teenager shifted the attacks from the school’s system to its Internet provider. On April 4, 2016, he launched another attack on the ACORN website, which is used by every Australian police force and multiple federal crime fighting agencies, was shut down for up to six minutes but abandoned later. He was arrested at his southern Adelaide home after both state and federal authorities tracked his unique internet protocol (IP) address. His school principal reported his crimes through ACORN. Magistrate Cathy Deland, herself a CBA customer, confessed that she was “making a big step” ordering a “family conference” — a move supported by police — but said the law need to concentrate on rehabilitation, reports Adelaide Now. She believed that he was unlikely to reoffend and had not demanded any “ransom”. Ms Deland said his crimes stopped classmates from learning while his attack on the CBA was “just massive”. She told him: “I don’t know that anyone would be able to put a price on repairing the disruption that you caused. I have no doubt it would have been millions of dollars. “I have no doubt that you would not have thought much about the consequences. I am in the difficult situation having to weigh up your incredible stupidity against … your rehabilitation.” The boy and his family refused to comment outside court. Source: http://www.techworm.net/2016/08/teen-hacker-walks-free-carrying-ddos-attacks-bank-e-crime-portal.html

Follow this link:
Teen hacker walks free after carrying out DDoS attacks on bank and e-crime portal

Attackers could abuse DNSSEC-secured domains for DDoS attacks: report

A majority or 80% of DNSSEC-secured domains could be used to amplify distributed denial of service (DDoS) attacks, at an average factor of 28.9 times, according to a recent report by Neustar which studied nearly 1,350 domains with DNSSEC deployed. The report points out that the domains had not properly deployed DNSSEC-signing of their domains, leaving them vulnerable to DDoS attacks. “Neustar has correctly pointed out the additional amplification factor related to misconfigured DNSSEC vs. legacy DNS, where the inclusion of the digital signature allows for a somewhat higher than a normal DNS amplification attack,” says Corero Network Security COO Dave Larson, in a statement. “However, the point that must be stressed related to this or any other DDoS amplification vectors is that operators of any network – whether they include DNS service or not – should have their networks configured not to respond to spoofed IP requests. In addition, DNS operators should configure their DNS servers not to respond to ‘ANY’ requests in order to squelch the opportunity for the server to be leveraged for malicious use.” Larson adds that on the flip side, the impact to the receiving end of the attack can be especially problematic. The fragmented and amplified attack technique, utilizing DNS or DNSSEC can cause outages, downtime and potential security implications for Internet Service Providers if they are relying on out-of-band DDoS protection mechanisms. Furthermore, organizations relying on traditional IT and security infrastructure such as firewalls and load balancing equipment are no match for these attacks. “A comprehensive in-line and automatic mitigation method for removing DDoS attacks is the recommended approach for dealing with all types of DDoS attacks – DNS and beyond,” noted Larson. Source: http://www.networksasia.net/article/attackers-could-abuse-dnssec-secured-domains-ddos-attacks-report.1471485281

Visit link:
Attackers could abuse DNSSEC-secured domains for DDoS attacks: report

DDoS attacks on the rise in Asia Pacific

The Asia Pacific region experienced 34,000 distributed denial of service (DDoS) attacks in the second quarter of 2016, according to Nexusguard’s Q2 2016 Threat Report – Asia-Pacific. The figure represents a 43 percent increase from the previous quarter. Even though Network Time Protocol (NTP) attacks dominated the type of attacks in the region (90 percent), such attacks were less common in other parts of the world (46 percent). The report also found that attack durations were longer in the Asia Pacific region as compared to global incidents, which is likely due to many scripted attack tools with set duration values. China remains as one of the top three target countries in the region. According to Nexusguard, a Chinese target was hit 41 times over the course of about a month of constant attacks. Nexusguard researchers attributed these attacks to the malware the victim had hosted over the last two years. The largest increase was observed in Hong Kong, accounting for a 57 percent rise in attacks. With hackers are experimenting with new attack methodologies, and events happening in the Asia Pacific region, Nexusguard researchers expect to see a spike in DDoS attacks in the third quarter of this year. “We expect the upward trend in the frequency of attacks to continue this year, especially with more attention on the Summer Olympics [in Brazil] and political dispute in the APAC region,” said Terrence Gareau, Chief Scientist at Nexusguard. “And as Pokémon Go gradually launches across the Asian market, Nexusguard analysts expect attack groups will launch more public attacks. This activity increases visibility and positioning as DDoS-for-hire services, the popularity of which we noted from the consistent time durations this quarter,” he added. Source: http://www.mis-asia.com/resource/security/ddos-attacks-on-the-rise-in-asia-pacific/

More:
DDoS attacks on the rise in Asia Pacific

Rio 2016: DoS attack made on Swimming Australia website after Mack Horton’s drug remarks

Swimming Australia’s website has been hit by a denial of service (DoS) attack. The ABC has learned the site is operating in an “under attack” mode in the wake of Olympic gold medallist Mack Horton’s comments about his Chinese competitor Sun Yang being a drug cheat. While the site has continued to operate, it has deployed software to check the veracity of every browser accessing the page to ensure they are legitimate. Horton’s social media has been bombarded with hundreds of thousands of negative comments from China. Swimming Australia is not commenting publicly but it is understood the attack has been referred to the Government for investigation. Security analyst Marco Ostini from AusCERT, a non-profit organisation that protects organisations from cyber attacks, said DoS attempts were extremely common. “It’s actually a very difficult problem to put a number on,” he said. “It’s certain though … based on all malicious metrics on the internet, it’s increasing.” Mr Ostini said without seeing the internet traffic and logs associated with Swimming Australia’s page it was hard to work out what had happened, but he doubted it was a high-level attack. “I’d be really surprised if it was [China] state-sanctioned attackers causing trouble for Swimming Australia,” he said. “It’s possibly more likely just a large amount of interested people who are expressing themselves in possibly posting comments [on the website].” Source: http://www.abc.net.au/news/2016-08-11/rio-2016-dos-attack-made-swimming-australia-website/7721848

Read the original:
Rio 2016: DoS attack made on Swimming Australia website after Mack Horton’s drug remarks

Meet DDoSCoin, the cryptocurrency that pays when you p0wn

Proof-of-work turned to nefarious purposes, like taking down a Census A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks.…

The Hidden Role of DDoS in Ransomware Attacks

Dave Larson offers advice for organisations wishing to protect themselves from the latest types of cyber-extortion Ransom demands and DDoS attacks are now, more than ever, being used together in inventive new techniques to extract money from victims. This ranges from hackers threatening to launch a DDoS attack unless a ransom is paid, to the recent reports of a multi-layered cyber-attack combining ransomware and DDoS attacks in one. But what is often less understood is the way that sub-saturating DDoS attacks are regularly being used as a precursor to ransomware incursion. Because these attacks are so short – typically less than five minutes in duration – these low-bandwidth DDoS attacks allow hackers to test for vulnerabilities within a network, which can later be exploited through ransomware. Here we outline some of the typical methods of cyber-extortion involving DDoS attacks, and explain why automatic DDoS mitigation is such a key defence in the ongoing battle against ransomware. Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s cyber-criminals to turn a profit. As a result, there are a significant number of techniques that hackers will utilise to try and extract money from victims. One of the most common is DDoS ransom attacks, where attackers threaten to launch a DDoS attack against a victim unless a ransom is paid. These attacks can affect any internet-facing organisation and are often indiscriminate in nature. In May, the City of London Police warned of a new wave of ransom-driven DDoS attacks orchestrated by Lizard Squad, in which UK businesses were told that they would be targeted by a DDoS attack if they refused to pay five bitcoins, equivalent to just over £1,500. According to the results of a recent survey, 80 percent of IT security professionals believe that their organisation will be threatened with a DDoS attack in the next 12 months – and almost half (43 percent) believe their organisation might pay such a demand. But despite the prevalence of DDoS ransom attacks, and its longevity as a technique, nothing elicits the same degree of alarm among security teams as the current threat of ransomware. This type of malware is estimated to have cost US businesses as much as US$ 18 million (£13.7 million) in a single year, and has already claimed a string of high-profile victims including hospitals and public bodies. Earlier this month, European police agency Europol launched a new ransomware advice service aimed at slowing down its exponential rise. But when it comes to protecting your organisation’s data from being encrypted and lost, most advice focuses on recovery, rather than prevention. This includes having a good backup policy, which ideally involves serialising data so that multiple versions of the files are available, in case newer versions have been encrypted. But what about taking a more proactive stance? We know that ransomware is usually delivered via email, inviting respondents to click on a link to download malware. Typically the themes of these emails include shipping notices from delivery companies or an invitation to open other documents that the recipient supposedly needs to review. It’s true that many of these emails are sent opportunistically and on a blanket basis to a wide number of potential victims. But we are also seeing an increase in more targeted attacks, designed to gain access to a specific organisation’s networks. After all, attacking a larger, more high-profile organisation would normally command a higher potential ransom reward, so hackers are investing an increasing amount of time researching specific victims and locating their vulnerabilities – usually through a variety of automated scanning or penetration techniques, many of which are increasingly incorporating the use of sub-saturating, low-bandwidth DDoS vectors. Most people associate the term ‘DDoS’ with system downtime, because the acronym stands for “Distributed Denial of Service”. But DDoS threats are constantly evolving, and many hackers now use them as a sophisticated means of targeting, profiling, and infiltrating networks. Short, sub-saturating DDoS attacks are typically less than five minutes in duration, meaning that they can easily slip under the radar without being detected by some DDoS mitigation systems. Five minutes may seem like an insignificant amount of time – but an appropriately crafted attack may only need a few seconds to take critical security infrastructure, like firewalls and intrusion prevention systems (IPS) offline. While IT teams are distracted by investigating what might be causing these momentary outages on the network, hackers can map the floor plan of their target’s environment, and determine any weak points and vulnerabilities that can later be exploited through other methods, such as ransomware. It is only by deploying an in-line DDoS mitigation system that is always-on, and can detect and mitigate all DDoS attacks as they occur, that security teams can protect themselves from hackers fully understanding all possible vulnerabilities in their networks. While these short DDoS attacks might sound harmless – in that they don’t cause extended periods of downtime – IT teams who choose to ignore them are effectively leaving their doors wide open for ransomware attacks or other more serious intrusions. To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it’s essential that organisations maintain a comprehensive visibility across their networks to spot and resolve any potential incursions as they arise. Source: http://www.scmagazineuk.com/the-hidden-role-of-ddos-in-ransomware-attacks/article/514229/