Monthly Archives: July 2016

Hong Kong Student Gets Probation Time for DDoS Attack During Occupy Campaign

A judge at the Fanling Court in Hong Kong has sentenced Chu Tsun-wai, 20, of Hong Kong, to 15 months of probation for launching a DDoS attack on a Chinese bank’s website during the 2014 Hong Kong Occupy protests. The judge also ruled that the suspect’s Mac computer be confiscated as punishment for carrying out the attack, SCMP reports. Chu, who is one of the top students at his university, had decided to get involved in the Occupy protests that were taking place in Hong Kong during the autumn of 2014. Teen was inspired by one of Anonymous Asia’s videos The teen saw a video posted online by the Anonymous hacker collective, which was warning Hong Kong police to stop the violence against Hong Kong Occupy protesters. The group threatened to hack government websites and release personal information belonging to Hong Kong police officers. The group also called out for others to participate in its protests. The prosecution says that Chu went online and searched on Google for ways to carry out DDoS attacks. He launched one such DDoS attack against the Shanghai Commercial Bank’s website. Police say that the student sent 6,652 HTTP requests in 16 seconds on the bank’s website, on October 12, 2014. Bank website barely noticed the attack This sounds odd since a Web server should, in theory, be capable of handling much more than 6,000 requests per second, but Chinese authorities have come down hard on people who participated in the protests, to begin with. The judge was lenient on Chu because this was his first offense and because the bank’s website didn’t go offline. Chinese news outlet Ejinsight reports that one of Chu’s professors wrote the judge a letter asking the judge to give the suspect a second chance. Public broadcaster RTHK reported that Chu also stands to face disciplinary hearings at his university. Below is the original video that started it all, with the Anonymous group calling out for attacks against Hong Kong police officials during the Occupy protests. Source: http://news.softpedia.com/news/hong-kong-student-gets-probation-time-for-ddos-attacks-during-occupy-campaign-506720.shtml

View article:
Hong Kong Student Gets Probation Time for DDoS Attack During Occupy Campaign

DDoS attacks increase by over 80 percent

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard. The report shows that Russia has become the number one victim country. Starlink — a Russian ISP supporting small, medium and large enterprises — received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter. Nexusguard’s researchers attributed this increase to nationalist hactivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity. As a result, they advise businesses to safeguard their infrastructures and check service provider security to ensure continuity for their web presence. The United States and China continue to hold spots in the top three target countries. Brazil remains in the top 10, as well, but saw its attacks decline by more than half. Nexusguard also recorded increases in other attack varieties, including routing information protocol (RIP) and multicast domain name system (mDNS) threats. Hackers are experimenting with new attack methodologies, and with the upcoming Olympics in Brazil and political tensions around the world, researchers predict these factors will contribute to a DDoS spike in Q3. “We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” says Terrence Gareau, chief scientist at Nexusguard. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US. The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure”. Source: http://betanews.com/2016/07/27/ddos-attacks-increase-by-over-80-percent/

DDoS attacks increase 83%, Russia top victim

DDoS attacks increased 83 percent to more than 182,900 attacks in the second quarter of the year, according to Nexusguard. The newest report shows that Russia has become the No. 1 victim country. Starlink – a Russian ISP supporting small, medium and large enterprises – received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, … More ?

Read the original:
DDoS attacks increase 83%, Russia top victim

Internet Service Providers Under DDOS Attack in Mumbai, Probe Ordered

“Thus, an attack on ISPs is an attack on the nation”. Internet Service Providers (ISPs) in Mumbai are facing an unprecedented attack by hackers which has reduced surfing speeds in the city. Inspector General of Police (Cyber Crime) Brijesh Singh said, “Some unknown people are involved in crashing the ports of Internet Service Providers by making lakhs of requests at a particular terminal at a particular time, which we call “Distributed Denial Of Service”. According to the post on The Hindu, IGP (Cyber Crime) Brijesh Singh said, ‘An FIR has been filed with the Cyber police station in BKC under sections 43 (F) and 66 of the Information Technology Act. They also said the attack was still being carried out. “We have registered an FIR and started tracking down the operators who are trying to crash the servers or ports of ISPs”, he said, adding that the attack has slowed down the internet services and affected subscribers of ISPs. “We are investigating the matter”. Other than this, it’s not clear which ISPs are affected although this reddit thread claims that Airtel is the primary ISP being DDoSed, which distributes broadband to other smaller companies, leading to network blockages across a wide range of ISPs. The attack, however, still continues. The resources behind the attack have to be considerable. “Kindly bare with us as we are trying to solve this problem in very short period with the help of high skilled technicians. please be with us and let’s fight against these hackers (sic)”. As of Monday morning, small and medium ISPs are still struggling to provide uninterrupted service to users. IT expert Vijay Mukhi says, “The idea of a DDoS is to make a computer or a server very slow so that anyone who uses an ISP’s services can not connect. All a hacker has to do is buy enough infected IP addresses and use them for a DDOS attack”. Typically, DDoS attacks are targeted at big websites or platforms with the intention of taking them down or blocking access to them. Source: http://nanonews.org/internet-service-providers-under-ddos-attack-in-mumbai/

More:
Internet Service Providers Under DDOS Attack in Mumbai, Probe Ordered

MIT Faced 35 DDoS Attacks in the First Six Months of 2016

Attackers targeted the servers of the Massachusetts Institute of Technology (MIT) 35 times in the first six months of the year, according to a threat advisory released by Akamai, a content delivery network and cloud services provider headquartered in Cambridge, Massachusetts. The biggest of these incidents was a DDoS attack that lasted a day, starting on June 7, that peaked at 295 Gbps and 58.6 million packets per second, combining different vectors such as DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood. Compared to other attacks recorded globally in the first six months, according to Arbor Networks, this MIT DDoS attack is one of the 46 such attacks that went over the 200 Gbps limit, with the absolute record being 597 Gbps . Kaiten botnet behind massive 295 Gbps attack Akamai believes that this attack took place at the hands of a botnet powered by the Kaiten malware. Prior to the 295 Gbps DDoS attack, MIT suffered an 89.35 Gbps attack as well. Attackers targeted multiple IPs in MIT’s network and used a combination of 14 different DDoS flood types. Akamai says that 43 percent of these attacks used protocols susceptible to DDoS reflection flaws that amplified the attacker’s traffic. The company detected 18,825 different sources of reflected traffic, with the most located in China. China’s presence on any DDoS source list should not be a surprise by now to anyone since the country is the source of much of today’s vulnerable equipment that gets connected online, a source ready for the taking for any determined hacker. DDoS attacks are on the rise The same Arbor Networks reports cites an overall increase in terms of DDoS attacks globally, a trend which has continued in July as well. Just this week, we reported on DDoS attacks against WikiLeaks , after announcing it would release emails from Turkey’s main political party; against the Rio de Janeiro court that banned WhatsApp in Brazil; Steemit social network ; the Philippines government websites ; Pokemon GO servers ; the HSBC bank ; and against the US Congress , US Library of Congress, and the US Copyright Office. Source: http://news.softpedia.com/news/mit-faced-35-ddos-attacks-in-the-first-six-months-of-2016-506542.shtml

See the original post:
MIT Faced 35 DDoS Attacks in the First Six Months of 2016

Anonymous Launches DDoS Attacks Against Rio Court Website

Members of the hacktivist collective Anonymous reportedly launched distributed denial-of-service (DDoS) attacks against the website of the Court of Rio de Janeiro for its decision to block WhatsApp in Brazil. The DDoS attacks against the Court of Rio de Janeiro allegedly forced the site offline for a period. Members of Anonymous Brazil confirmed the attack on their Facebook page saying, “Court of Justice of the state of Rio de Janeiro off in protest to the blockade of the WhatsApp.” The Rio Court recently ruled to block WhatsApp in Brazil as the application will not decrypt communications for criminal investigation procedures, according to reports. The Court of Rio de Janeiro had allegedly sent three court orders to receive specific information from WhatsApp related to criminal investigations. WhatsApp implemented end-to-end encryption to its messages between users in April 2016. The message service provider said it is unable to disclose data on these communications. Court orders through out Brazil have previously ordered a ban on WhatsApp for similar reasons during criminal investigations in December 2015, February and May 2016, according to reports. The website of the Court of Rio de Janeiro is fully restored and functional at the time of this post. WhatsApp service in Brazil has also been restored to users through out the country. Source: http://www.batblue.com/anonymous-launches-ddos-attacks-rio-court-website/

Visit site:
Anonymous Launches DDoS Attacks Against Rio Court Website

Massive DDoS Attack Shut Down Several Pro-ISIS Websites

A team of attackers shut down several ISIS aka Daesh websites against terrorist attacks in Nice and Middle Eastern countries! Terrorism has no religion that’s why whenever a terrorist attack is carried out the victims are innocent people irrespective of race or religion. Hackers and DDoSers, on the other hand, are well aware of the enemy and that’s why recently an attacker going by the handle of ”Mons” conducted a series of DDoS attacks using NetStresser tool just a couple of days ago. The reason for targeting these sites was to protest against the sudden increase of terrorist attacks in France and Middle Eastern countries. In a conversation with HackRead, Mons said that he also got assistance from the owner of BangStresser , the famous DDoSing tool which was allegedly used to shut down BBC’s servers and Donald Trump’s website in one of the largest DDoS attacks ever. However, the attack on pro- ISIS websites varied from 50 Gbps to 460 Gbps. Mons further stated that ”We worked together to take down several ISIS websites. This is for obvious reasons. We want to help in any way we can to weaken their influence that threatens and, to some length, literally destroys our very democracy and human rights. Especially after the recent attacks in France and Arabic countries, our wrath has grown. This war needs to be fought on many fronts, and we try to cover one of them.” Here is a screenshot showing the list of targeted websites along with tweets that show earlier attacks on pro-ISIS sites. Upon checking the history on some targeted sites we can confirm the sites were spreading violent content along with terrorist ideology however at the time of publishing this article some sites were restored while some were listed for sale. This is not the first time when attackers have targeted pro-ISIS platforms. In the past, Anonymous did not only conduct cyber attacks but also exposed companies hosting those sites — Anonymous had also blamed CloudFlare for protecting terrorists’ websites from DDoS attacks but the company had denied the allegations. Source: https://www.hackread.com/ddos-attack-on-pro-isis-websites/

See the article here:
Massive DDoS Attack Shut Down Several Pro-ISIS Websites

Bart ransomware victims get free decryptor

AVG malware analyst Jakub Kroustek has devised a decryptor for Bart ransomware, and the company has made it available for download (for free). Bart ransomware This particular piece of malware was first spotted in late June, being delivered via spam emails sent out by the Necurs botnet – the botnet that’s responsible for the onslaught of Locky ransomware and the Dridex Trojan. Bart is not your typical crypto ransomware as it doesn’t encrypt victims’ files. … More ?

See the original article here:
Bart ransomware victims get free decryptor

US Congress websites recovering after three-day DDoS attack

Library of Congress among the victims to go temporarily offline. Several websites owned and operated by the United States Congress are recovering from a three-day distributed denial-of-service (DDoS) attack. The DDoS campaign began on July 17 when the websites for the Library of Congress (LoC) began experiencing technical difficulties. A day later, the websites went temporarily offline: During the attack, Library of Congress employees were unable to access their work emails or visit any of the Library’s websites. Softpedia reports the attackers ultimately overcame initial defense measures to escalate their campaign. Specifically, they brought down two additional targets: congress.gov, the online portal for the United States Congress; and copyright.gov, the website for the United States Copyright Office. On Tuesday morning, things started to get back to normal. Some email accounts were functioning, writes FedScoop, but other online properties by the LoC remained offline. As of this writing, the three government portals affected by the attack are back online. Tod Beardsley, a senior research manager for Boston-based cybersecurity firm Rapid7, feels that denial-of-service attacks remain popular because of how difficult it is for a target to mitigate a campaign while it is still in progress. As he told FedScoop : “DoS attacks that leverage DNS as a transport is a common mechanism for flooding target sites with unwanted traffic for two reasons. [First,] DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it’s easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data over bad.” Network filtering devices can help, but only if a company decides to buy one. Perhaps the Library of Congress didn’t own such a device or lacked a service provider with expertise in mitigating DoS/DDoS attacks. There’s little companies can do to protect against DDoS attacks, as script kiddies with a few bucks can rent a botnet online to attack whichever target they choose. With that in mind, organizations should prepare for these attacks by investing in DDoS mitigation technologies that can in the event of an attack help accommodate and filter attack traffic. Source: https://www.grahamcluley.com/2016/07/congress-website-ddos/

See more here:
US Congress websites recovering after three-day DDoS attack

Slew of WP-based business sites compromised to lead to ransomware

If an approach works well, there is no reason to change tack, and the masters of the SoakSoak botnet are obviously of the same belief. A year and a half after they have been spotted compromising WP-based websites through vulnerabilities in the Slider Revolution (“RevSlider”) plugin and redirecting visitors to the malware-laden SoakSoak.ru website, they are at it again. “Websites are often compromised by botnets that scan websites for vulnerable software or application plugins,” Invincea’s … More ?

View article:
Slew of WP-based business sites compromised to lead to ransomware