High schooler allegedly hired third party to DDoS his school district

A 17-year-old high school boy may face state and federal charges for allegedly having paid a third party to launch a distributed denial of service (DDoS) attack that crippled the West Ada school district in Idaho, US, for a week and a half earlier this month. Because he’s a minor, he can’t be named. A DDoS is an attack wherein the servers of a targeted online service are slowed to a crawl with loads of pointless data like email or file uploads that clog up their processing ability. KTVB reports that West Ada students suffered assorted misery because of the attack, including losing their work on the Idaho Standard Achievement tests. Some students had to take the tests multiple times. Meanwhile, online classes and textbooks weren’t available for much of the week, and faculty and staff had problems accessing administrative and business systems, including payroll. The school district’s IT staff eventually traced an IP address back to the 17-year-old, who was suspended from Eagle High. School officials are recommending that he be expelled. The sheriff’s office told the TV station that the boy will likely be charged with a felony charge of computer crime, which is punishable by up to 180 days in a juvenile detention facility. In addition, his family will be responsible for financial restitution to cover costs incurred by the school district. Operations at more than 50 schools were disrupted because of the attack. As of Wednesday, investigators were also looking into whether a younger student – one attending Eagle Middle School – attempted a similar attack this week. School officials sent parents a letter on Friday that urged them to talk with their children about the consequences of committing cyber attacks such as this one. We can assure students and parents that the consequences associated with a DDoS attack are far from trivial. Examples include two online gaming programmers from Poland who were given 5-year jail sentences in December 2013 for DDoS and cyber-extortion of a UK online marketing company and a US internet software company. In that same month, a US man was fined $183,000 (£116,772) after joining, for merely 1 minute, an Anonymous DDoS of the enormous, multinational corporation Koch Industries. When it comes to DDoS, the law doesn’t spare you if you’re a kid. In fact, a 16-year-old London schoolboy was arrested under suspicion of involvement in the 2013 DDoS attack against Spamhaus: an attack of unprecedented ferocity. He pleaded guilty in 2014. Then too, a UK teenager was arrested in January for possibly having a hand in the PlayStation/Xbox Live DDoS that Grinched up gamers’ Christmas day playing. We often hear DDoS’ers trying to justify DDoSes under the premise that really, companies should be thanking the attackers for “raising awareness” of their vulnerability. That’s an old, tired spiel that we got from Lizard Squad members after they ruined Christmas with their XBox Live/PlayStation attack. Or, in the words of a man who claimed to speak for the attackers, they did it … …to raise awareness, to amuse ourselves… But as Naked Security’s Mark Stockley said at the time, a DDoS attack isn’t a skilful hack. You don’t need elite lock-picking skills to pull it off, because you’re not picking a lock. Rather, you’re blocking the door from the outside with as much garbage as you can pile up. Is DDoSing a company, or your school, or any online service, worth the lulz? For an answer, we can ask the LulzSec guys—If they’re out of prison, maybe they can let us know. Source: https://nakedsecurity.sophos.com/2015/05/22/high-schooler-allegedly-hired-third-party-to-ddos-his-school-district/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed

Read the article:
High schooler allegedly hired third party to DDoS his school district

DDoS attack downs University of London learning platform

A harsh lesson, now stand in corridor for four hours The University of London Computer Centre fell victim to a cyber-attack on Thursday.…

Read this article:
DDoS attack downs University of London learning platform

DDoS attacks double, old web application attack vectors still active

Akamai Technologies analyzed thousands of DDoS attacks as well as nearly millions of web application attack triggers across the Akamai Edge network. A surge in DDoS attack activity Q1 2015 set a…

Read the article:
DDoS attacks double, old web application attack vectors still active

‘Millions’ of routers open to absurdly outdated NetUSB hijack

Vulnerability may allow ne’er-do-wells to access the 1990s SEC Consult Vulnerability Lab Stefan Viehbock says potentially millions of routers and internet of things devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks.…

Originally posted here:
‘Millions’ of routers open to absurdly outdated NetUSB hijack

DDoS reflection attacks are back

At the start of 2014, attackers’ favorite distributed denial of service attack strategy was to send messages to misconfigured servers with a spoofed return address – the servers would keep trying to reply to those messages, allowing the attackers to magnify the impact of their traffic. As those servers got patched, this strategy became less and less effective. But now it’s back, according to a new report from Akamai. Except this time, instead of hitting data center servers or DNS servers, the attackers are going after personal computers on misconfigured home networks. According to Eric Kobrin, Akamai’s director of information security responsible for adversarial resilience, the attackers are taking advantage of plug-and-play protocols, commonly used by printers and other peripheral devices. These attacks, known as Simple Service Discovery Protocol (SSDP) attacks, are now the single largest attack vector for DDoS attacks, accounting for 21 percent of all attacks, up from 15 percent last quarter, and less than 1 percent at this time last year. “There are infectable SSDP services all over the Internet,” he said. “As they are discovered, we help work with people to shut them down.” Although each particular device has just a fraction of the bandwidth available to data center-based servers, there are more of them. “There’s a fertile ground of home systems,” he said. “A property configured home firewall can block this, but there are many improperly configured home systems connected to the Internet – and there are also industrial systems that can be used to reflect attacks as well.” This attack source is also harder to shut down, he said. “It’s easier to go into the data center and have the service providers do the clean-up,” he said. Last quarter, SYN flood attacks – where “synchronize” messages are sent to servers – was the leading attack vector, accounting for 17 percent of all attacks, down slightly from 18 percent of all attacks at the start of 2014. There has also been a change in the size of the median attack, and the typical size range of attacks, Kobrin said, as defensive measures have improved. “The smallest effective attack size has increased, year over year,” he said. “It’s because the smallest attacks are no longer effective.” Another type of DoS attack has gained a foothold for the first time this year. SQL injections, normally used to gain access to systems for the purpose of stealing data, are now being used to shut down Web sites as well. Akamai saw more than 52 million SQL injection attacks during the first quarter of 2015, which accounted for 29 percent of all Web application attacks. The most common targets for SQL injection attacks were retail, travel and media websites. Finally, another attack vector that’s just now starting to make an impact is domain hijacking. “People are actually attacking the registries and getting their own information put in, so the big sites are losing control of their DNS infrastructure,” Korbin said. There have been a few high-profile cases so far, he said, mostly politically motivated, but not yet enough data to measure a trend. “We didn’t see it much in 2012, started seeing a little bit of it in 2013 and 2014, and seeing it more of it now,” he said. He recommended that companies switch on two-factor authentication for their email systems when available, ensure that employees don’t reuse credentials, ask their domain registrars to put a lock on their domains, and, finally, keep a close eye on traffic numbers to spot a drop-off as soon as it happens. With these domain redirects, the attackers are not only able to shut down the legitimate website, but also put up their own content under that website’s brand. Source: http://www.csoonline.com/article/2923832/business-continuity/ddos-reflection-attacks-are-back-and-this-time-its-personal.html

More:
DDoS reflection attacks are back

Hong Kong Banks Targeted By DDoS Attacks, Bitcoin Payout Demanded

On May 9, an general organisation of hackers launched distributed rejection of use (DDoS) attacks on dual of a largest financial institutions in Hong Kong. Hong Kong military reliable that they have perceived reports from a Bank of China and a Bank of East Asia claiming that a hackers demanded payments in bitcoin. “The dual institutions after perceived emails perfectionist payments in bitcoins, or there would be another turn of attacks,” a orator said. According to The Standard Hong Kong, a hackers impressed a websites of a dual banks with trade from mixed sources, causing strange spikes in Internet trade and forcing some of a websites’ resources to be unavailable. However, both banks stressed that nothing of a information and patron accounts were compromised. Finance Magnets reported that a Cyber Security and Technology Crime Bureau has personal a box as “blackmail” and has begun an investigation. The conflict imposed on a dual banks is identical to a DDoS attacks launched on a central corporate websites of banks in China and Hong Kong, many particularly a People’s Bank of China in late 2013. The investigators during a time believed that a attacks were a outcome of a distribution of new manners that taboo financial institutions from traffic with bitcoin. attack, as a response to prohibiting a use of digital currencies in China. The internal media began to assume that a new conflict instituted on a Bank of China and a Bank of East Asia competence have been launched by a organisation of hackers famous as DD4BC. The organisation is now listed on Bitcoin Bounty Hunter and has pounded several websites, including Finnish Bitcoin wallet and sell Bitalo and Bitcoin sports betting height Nitrogensports. “DD4BC threatens a Bitcoin Community with DDoS extortion, blackmailing and slander,” Bitcoin Bountry Hunter explained. “Famous Bitcoin services like Bitalo.com and Nitrogensports.com were pounded and blackmailed.” The banks declined to recover information of a emails perceived by a hackers and a volume of BTC demanded. If a DDoS attacks are continuing, a dual banks might remove adult to $100,000 an hour, American Banker reports. AMR (American Banker Reports) settled that “the normal bandwidth consumed by a DDoS conflict increasing to 7.39 gigabits per second, according to Verisign’s research of DDoS attacks in a fourth entertain of 2014.” A few days have upheld given a Cyber Security and Technology Crime Bureau began questioning a case, though a box hasn’t showed any progress. Source: http://blog.downforjust.me/hong-kong-banks-targeted-by-ddos-attacks-bitcoin-payout-demanded/

View post:
Hong Kong Banks Targeted By DDoS Attacks, Bitcoin Payout Demanded

Chinese cyber-spies hid botnet controls in MS TechNet comments

Online spooks hide ‘numbers station’ control node in plain sight Cyber-spies are increasingly attempting to hide their command and control operations in plain sight by burying their command infrastructure in the forums of internet heavyweights, including Microsoft.…

Read more here:
Chinese cyber-spies hid botnet controls in MS TechNet comments

Time to patch your Cisco TelePresence systems

Because you can’t be telepresent when the bad guys are DOSing you Cisco TelePresence kit and software need patching after the company turned up vulnerabilities that open them up to remote command injection and denial of service attacks.…

View original post here:
Time to patch your Cisco TelePresence systems

SAP crypto offers customers choice of remote code execution or denial of service

Home-baked encryption followed the wrong recipe Yet another proprietary implementation of a popular protocol has turned up unexpected vulnerabilities, with SAP’s data compression software open to remote code execution and denial-of-service exploits.…

View original post here:
SAP crypto offers customers choice of remote code execution or denial of service

How organisations can eliminate the DDoS attack ‘blind spot’

Most DDoS defence solutions are missing critical parts of the threat landscape thanks to a lack of proper visibility. Online organisations need to take a closer look at the problem of business disruption resulting from the external DDoS attacks that every organisation is unavoidably exposed to when they connect to an unsecured or ‘raw’ Internet feed. Key components of any realistic DDoS defense strategy are proper visualisation and analytics into these security events. DDoS event data allows security teams to see all threat vectors associated with an attack – even complex hybrid attacks that are well disguised in order to achieve the goal of data exfiltration. Unfortunately, many legacy DDoS defense solutions are not focused on providing visibility into all layers of an attack and are strictly tasked with looking for flow peaks on the network. If all you are looking for is anomalous bandwidth spikes, you may be missing critical attack vectors that are seriously compromising your business. In the face of this new cyber-risk, traditional approaches to network security are proving ineffective. The increase in available Internet bandwidth, widespread access to cyber-attack software tools and ‘dark web’ services for hire, has led to a rapid evolution of increasingly sophisticated DDoS techniques used by cyber criminals to disrupt and exploit businesses around the world. DDoS as a diversionary tactic Today, DDoS attack techniques are more commonly employed by attackers to do far more than deny service. Attack attempts experienced by Corero’s protected customers in Q4 2014 indicate that short bursts of sub-saturating DDoS attacks are becoming more of the norm. The recent DDoS Trends and Analysis report indicates that 66% of attack attempts targeting Corero customers were less than 1Gbps in peak bandwidth utilisation, and were under five minutes in duration. Clearly this level of attack is not a threat to disrupt service for the majority of online entities. And yet the majority of attacks utilising well known DDoS attack vectors fit this profile. So why would a DDoS attack be designed to maintain service availability if ‘Denial of Service’ is the true intent? What’s the point if you aren’t aiming to take an entire IT infrastructure down, or wipe out hosted customers with bogus traffic, or flood service provider environments with massive amounts of malicious traffic? Unfortunately, the answer is quite alarming. For organisations that don’t take advantage of in-line DDoS protection positioned at the network edge, these partial link saturation attacks that occur in bursts of short duration, enter the network unimpeded and begin overwhelming traditional security infrastructure. In turn, this activity stimulates un-necessary logging of DDoS event data, which may prevent the logging of more important security events and sends the layers of the security infrastructure into a reboot or fall back mode. These attacks are sophisticated enough to leave just enough bandwidth available for other multi-vector attacks to make their way into the network and past weakened network security layers undetected. There would be little to no trace of these additional attack vectors infiltrating the compromised network, as the initial DDoS had done its job—distract all security resources from performing their intended functions. Multi-vector and adaptive DDoS attack techniques are becoming more common Many equate DDoS with one type of attack vector – volumetric. It is not surprising, as these high bandwidth-consuming attacks are easier to identify, and defend against with on-premises or cloud based anti-DDoS solutions, or a combination of both. The attack attempts against Corero’s customers in Q4 2014 not only employed brute force multi-vector DDoS attacks, but there was an emerging trend where attackers have implemented more adaptive multi-vector methods to profile the nature of the target network’s security defenses, and subsequently selected a second or third attack designed to circumvent an organisation’s layered protection strategy. While volumetric attacks remain the most common DDoS attack type targeting Corero customers, combination or adaptive attacks are emerging as a new threat vector. Empowering security teams with DDoS visibility As the DDoS threat landscape evolves, so does the role of the security team tasked with protecting against these sophisticated and adaptive attacks. Obtaining clear visibility into the attacks lurking on the network is rapidly becoming a priority for network security professionals. The Internet connected business is now realising the importance of security tools that offer comprehensive visibility from a single analysis console or ‘single pane of glass’ to gain a complete understanding of the DDoS attacks and cyber threats targeting their Internet-facing services. Dashboards of actionable security intelligence can expose volumetric DDoS attack activity, such as reflection, amplification, and flooding attacks. Additionally, insight into targeted resource exhaustion attacks, low and slow attacks, victim servers, ports, and services as well as malicious IP addresses and botnets is mandatory. Unfortunately, most attacks of these types typically slide under the radar in DDoS scrubbing lane solutions, or go completely undetected by cloud based DDoS protection services, which rely on coarse sampling of the network perimeter. Extracting meaningful information from volumes of raw security events has been a virtual impossibility for all but the largest enterprises with dedicated security analysts. Next generation DDoS defense solutions can provide this capability in a turn-key fashion to organisations of all sizes. By combining high-performance in-line DDoS event detection and mitigation capabilities with sophisticated event data analysis in a state-of-the-art big data platform, these solutions can quickly find the needles in the haystack of security events. With the ability to uncover hidden patterns of data, identify emerging vulnerabilities within the massive streams of DDoS attack and security event data, and respond decisively with countermeasures, next-generation DDoS first line of defense solutions provide security teams with the tools required to better protect their organization against the dynamic DDoS threat landscape. Source: http://www.information-age.com/technology/security/123459482/how-organisations-can-eliminate-ddos-attack-blind-spot  

Read this article:
How organisations can eliminate the DDoS attack ‘blind spot’