Monthly Archives: December 2016

Four evolved cyber-threats APAC organisations must pay attention to in 2017

US$81 million stolen from a Bangladesh bank. 500 million Yahoo! accounts swiped. A DDoS attack that brought down much of the internet. 2016’s cyber-attack headlines proved more than ever that companies have a visibility problem – they cannot see what is happening beneath the surface of their own networks. Based on Darktrace’s observations, the following predictions demonstrate the need for a new method of cyber defence – an immune system approach, to keep up with the fast-evolving threats that await us in 2017.

1. Attackers Will Not Just Steal Data – They Will Change It

Today’s most savvy attackers are moving away from pure data theft or website hacking, to attacks that have a more subtle target – data integrity. We’ve seen ex-students successfully hack college computers to modify their grades. In 2013, Syrian hackers tapped into the Associated Press’ Twitter account and broadcasted fake reports that President Obama had been injured in explosions at the White House. Within minutes the news caused a 150-point drop in the Dow Jones. In 2017, attackers will use their ability to hack information systems not to just make a quick buck, but to cause long-term, reputational damage to individuals or groups, by eroding trust in data itself.

The scenario is worrying for industries that rely heavily on public confidence. A laboratory that cannot vouch for the fidelity of medical test results, or a bank that has had account balances tampered with, are examples of organisations at risk. Governments may also fall foul of such attacks, as critical data repositories are altered, and public distrust in national institutions rises. These ‘trust attacks’ are also expected to disrupt the financial markets. An example of this is falsifying market information to cause ill-informed investments.
We have already glimpsed the potential of disrupted M&A activity through cyber-attacks – is it a coincidence that the recent disclosure of the Yahoo hack happened while Verizon was in the process of acquiring the company? These attacks even have the power to sway public opinion. Hillary Clinton’s election campaign suffered a blow when thousands of emails from her campaign were leaked. An even graver risk would not be simply leaked emails but manipulation to create a false impression that a candidate has done something illegal or dishonourable.

2. More Attacks and Latent Threats Will Come from Insiders

Insiders are often the source of the most dangerous attacks. They are harder to detect, because they use legitimate user credentials. They can do maximum damage, because they have knowledge of and privileged access to information required for their jobs, and can hop between network segments. A disgruntled employee looking to do damage stands a good chance through a cyber-attack.

But insider threats are not just staff with chips on their shoulders. Non-malicious insiders are just as much of a vulnerability as deliberate saboteurs. How many times have links been clicked before checking email addresses? Or security policy contravened to get a job done quicker, such as uploading confidential documents on less secure public file hosting services? We can no longer reasonably expect 100 percent of employees and network users to be impervious to cyber-threats that are getting more advanced – they won’t make the right decision, every time.

Organisations need to combat this insider threat by gaining visibility into their internal systems, rather than trying to reinforce their network perimeter. We don’t expect our skin to protect us from viruses – so we shouldn’t expect a firewall to stop advanced cyber-threats which, in many cases, originate from the inside in the first place.
Just in the past year, immune system defence techniques have caught a plethora of insider threats, including an employee deliberately exfiltrating a customer database a week before handing in his notice; a game developer sending source code to his home email address so that he could work remotely over the weekend; a system administrator uploading network information to their home broadband router – the list goes on. Due to the increasing sophistication of external hackers, we are going to have a harder time distinguishing between insiders and external attackers who have hijacked legitimate user credentials.

3. The Internet of Things Will Become the Internet of Vulnerabilities

According to IDC, 8.6 billion connected things will be in use across APAC in 2020, with more than half of major new business processes incorporating some element of IoT. These smart devices are woefully insecure in many cases – offering a golden opportunity for hackers. 2016 has seen some of the most innovative corporate hacks involving connected things. In the breach of DNS service Dyn in October, malware spread rapidly across an unprecedented number of devices including webcams and digital video recorders. In Singapore and Germany, we saw smaller but similar incidents with StarHub and Deutsche Telekom.

Many of this year’s IoT hacks have gone unreported – they include printers, air conditioners and even a coffee machine. These attacks used IoT devices as stepping stones, from which to jump to more interesting areas of the network. However, sometimes the target is the device itself. One of the most shocking threats that we saw was when the fingerprint scanner that controlled the entrance to a major manufacturing plant was compromised – attackers were caught in the process of changing biometric data with their own fingerprints to gain physical access.
In another attack, the videoconferencing unit at a sports company was hacked, and audio files were being transferred back to an unknown server in another continent. Want to be a fly on the wall in a FTSE100 company’s boardroom? Try hacking the video camera.

4. Artificial Intelligence Will Go Dark

Artificial intelligence is exciting for many reasons – self-driving cars, virtual assistants, better weather forecasting etc. But artificial intelligence will also be used by attackers to wield highly sophisticated and persistent attacks that blend into the noise of busy networks. We have already seen the first glimpses of these types of attack. Polymorphic malware, which changes its attributes mid-attack to evade detection, has reinforced the obsoleteness of signature-based detection methods. What is emerging is a next generation of attacks that use AI-powered, customised code to emulate the behaviours of specific users so accurately as to fool even skilled security personnel.

In 2017, we can expect AI to be applied to all stages of a cyber-attacker’s mission. This includes the ability to craft sophisticated and bespoke phishing campaigns that will successfully dupe even the most threat-conscious employee. Next year’s attacker can see more than your social media profile – they know that your 10am meeting with your supplier is being held at their new headquarters. At 9:15am, as you get off the train, an email with the subject line ‘Directions to Our Office’ arrives in your inbox, apparently from the person that you are meeting. Now, do you click the map link in that email?

Source: http://www.mis-asia.com/tech/security/four-evolved-cyber-threats-apac-organisations-must-pay-attention-to-in-2017/?page=3


Tumblr outage reported in US and Europe; may be result of DDoS attack

Tumblr appears to be the target of a distributed denial of service attack, with users unable to access the blogging site. The outage reportedly began just before 3:30pm ET, according to Down Detector. If the site manages to load anything, users receive a “service is temporarily unavailable” message. Tumblr issued a jargon-filled tweet about 15 minutes into the outage, promising to fix the issue as soon as possible.

Earlier on Wednesday, Tumblr hosted a question-and-answer on the humanitarian crisis in Aleppo, Syria. It’s unclear if the believed DDoS attack might be related to the ‘Answer Time’ discussion. Tumblr was one of more than 80 popular websites that were hit by three separate DDoS attacks on Dyn DNS, the internet traffic management company, on October 21. That targeted attack was believed to have been on the Internet of Things, or the multitude of smart devices such as webcams and thermostats that connect to the internet. A DDoS attack occurs when a server is overwhelmed with traffic in a targeted attack.

Source: https://www.rt.com/usa/371183-tumbler-down-ddos-attack/


Cyber criminals compromising virtual machines in cloud to increase scale of DDoS

Microsoft’s recently released Security Intelligence Report states that cyber-criminals are compromising virtual machines in the cloud as a way to vastly increase the scale of Distributed Denial of Service (DDoS) attacks. Microsoft has warned of many new cyber risks faced by IT companies in the report. It says that hackers have learned how to use compromised virtual machines running in the cloud to launch massive cyber-attacks.

The report says: “In the cloud weaponisation threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of a few virtual machines. The attacker can then use these virtual machines to attack, compromise, and control thousands of virtual machines—some within the same public cloud service provider as the initial attack, and others inside other public cloud service providers.”

Attackers can easily issue commands to launch DDoS attacks that cripple online services and websites or flood the internet with spam. Microsoft’s cloud computing platform, Azure, has witnessed attempts to exploit the cloud to establish communications with malicious IP addresses and to brute force RDP, the Remote Desktop Protocol used by Microsoft to allow users to access their desktops over a network, representing 41% and 25.5% of all outbound attacks, respectively. Spam followed at just over 20% and DDoS attempts made up 7.6% of attacks.

The company is also warning IT administrators to be on the lookout for targeted threats aimed at taking control of an email account that has a high probability of containing credentials that can be used to gain access to the public cloud administrator portal. If successful, the threats may open both their on-premises and cloud infrastructures to attack. The attacker, after logging into the administrator portal, can gather information and make changes to gain access to other cloud-based resources, execute ransomware, or even pivot back to the on-premises environment.
They are also keeping tabs on GitHub and other public code repositories, hoping that developers will accidentally publish secret keys that can potentially grant access to cloud accounts and services.

Microsoft has further warned of “Man in the Cloud” (MitC) attacks wherein victims are tricked into downloading and installing malware, typically with an email containing a malicious link. Once active, the malware searches for a cloud storage folder and replaces the victim’s synchronisation token with the attacker’s. After this, whenever a user adds a file to their cloud storage account, a copy is delivered to the attacker.

Sources:
http://www.cloudcomputing-news.net/news/2016/dec/16/cyber-criminals-compromising-virtual-machines-cloud-increase-scale-ddos/
http://www.eweek.com/security/microsoft-report-says-hackers-weaponizing-cloud-virtual-machines.html


Hackers hit Thai government with DDoS attacks protesting against restrictive internet law

Classified government records are believed to have been accessed by the hackers.

Anonymous hackers have reportedly hit Thai government websites with targeted DDoS attacks in retaliation for the passage of a bill which is feared to impose considerable restrictions on internet freedom. The bill introduced amendments to the country’s computer crime law and was unanimously passed by the military-appointed legislature on 16 December, according to reports. The new law allows Thai authorities to monitor and access private communications as well as censor online content without a court order.

The DDoS attack knocked out Thailand’s defence ministry website. At the time of writing, the site remains inaccessible. Anonymous hackers also reportedly targeted the Thai Ministry of Digital Economy and Society, the Prime Minister’s Office and the Office of the National Security Council. A hacker, claiming to be part of the Anonymous campaign against the Thai government titled “Op Single Gateway”, going by the pseudonym “blackplans”, posted screenshots on Twitter of what he/she claimed were documents stolen from the compromised government sites.

The Thai defence ministry said the attack accomplished little. “They couldn’t do anything because we have defence systems in place that are ready for such situations,” said Kongcheep Tantrawanich, a defence ministry spokesman, ABC News reported. He warned that further attacks could lead to “destroying financial systems, banks, transportation systems, airports and can cause damage toward the population of an entire country”. The Thai government characterised the hackers as “thugs” bent upon “creating chaos” and “overstepping boundaries”. The government has also asked the public to come forward with information about the hackers.

Thai cyber controls raise censorship and privacy concerns

Privacy groups have raised concerns about Thailand’s new cyber laws, which are believed to infringe on human rights and freedom of expression.
The UN Office of Human Rights said in a statement on Monday (19 December): “We are concerned by amendments to Thai legislation that could threaten online freedoms, and call on the government to ensure the country’s cyber laws comply with international human rights standards.” According to local reports, Amnesty International, in collaboration with the Thai Netizen Network, lodged a petition with the Thai National Legislative Assembly. The petition, which has also been endorsed by 300,000 internet users, calls for reconsideration of the amendments to the computer crime act.

“The bill is very broad and open to interpretation and we will have to see how the government will implement these laws,” said Arthit Suriyawongkul of the Thai Netizen Network. “It’s not the law itself that is a rights violation, but the authorities’ extensive power when monitoring and censoring online content, which could raise privacy concerns.”

Thai Prime Minister Prayuth Chan-ocha defended the amendments to the nation’s cyber laws. “This law is for when anyone posts something that is poisonous to society so that we know where it comes from,” Prayuth said, Reuters reported. “Don’t think this is a rights violation. This isn’t what we call a rights violation … this is what we call a law to be used against those who violate the law,” he said.

Source: http://www.ibtimes.co.uk/hackers-hit-thai-government-ddos-attacks-protesting-against-restrictive-internet-law-1597339


Indian Bitcoin Exchange Suffers Outage as DDoS Attacks Continue

The onslaught of DDoS attacks targeting bitcoin websites around the world isn’t showing any signs of abating as an Indian bitcoin exchange came under attack today. Indian bitcoin exchange Coinsecure saw a spike in traffic this Monday morning local time. The number of connections attempting to reach the website was enough to disrupt exchange activity. Operational delays ensued on its website, mobile application and other API-enabled platforms. In an email to customers, the bitcoin exchange revealed the reason for the delays.

“We were under a massive DDoS attack this morning that blocked traffic temporarily to our website, API and Android App. You may have experienced delays in withdrawals and deposits as well, this morning.”

The email, which reached customers in the afternoon local time, confirmed that the website was fully operational again, following several hours of disruption.

Bitcoin Exchanges. Ripe Targets?

Bitcoin exchanges and websites are perhaps the most-obvious targets for DDoS extortionists seeking ransom in bitcoin. Still, Kraken CEO Jesse Powell told CCN in an earlier exchange that bitcoin companies aren’t always the best targets. “Most Bitcoin companies aren’t profitable and we’re therefore not great targets,” said Powell, whose exchange suffered a DDoS attack in November last year.

Thai bitcoin exchange Bitcoin Co. Ltd. also suffered a DDoS attack in November 2015, albeit from a different perpetrator. “We have received several DDOS-ransom letters to https://bx.in.th,” Bitcoin Co. Ltd Managing Director David Barnes told CCN. “[The] last was supposedly from Armada Collective requesting 10BTC.” More importantly, he added: “Attackers seem to lose interest quickly when you block them or don’t respond to their messages.”

CCN was also targeted in November 2015, with one extortionist communicating via email to demand 2 bitcoins in ransom. The email was ignored and we duly put up a 5 BTC reward for any information leading to a successful police report.
While we came up short of finding details, CCN continues to be targeted frequently with DDoS attacks. At the time in 2015, bitcoin was trading near peaks of $500 and has come a considerable way since while avoiding volatility. As the value of the cryptocurrency makes gains with stable footing, bitcoin businesses and websites continue to remain targets.

A New Wave of Attacks

The latest instances of DDoS disruptions could ostensibly be a new wave of attacks targeting bitcoin websites. Last week, European bitcoin and altcoin exchange BTC-e was also targeted, resulting in temporary disruption of exchange activity. CCN was also the target of a DDoS attack last week. The website saw temporary disruption lasting 1-2 hours before the attacks were mitigated.

Source: https://www.cryptocoinsnews.com/indian-bitcoin-exchange-suffers-outage-ddos-attacks-continue/


The new age of DDoS – And we ‘joked’ that toasters would one day take down our banks

The size of DDoS attacks has increased exponentially thanks to hackers and cyber criminals making use of the IoT.

A few years ago, just as the ‘Internet of Things’ (IoT) was starting to form as a concept, some of us in the cyber security community joked that in future our toasters would be able to take down our banks. Within the last few months that joke has started to become a reality. In September 2016, US security researcher Brian Krebs had his website, Krebs on Security, taken offline by the largest Distributed Denial of Service (DDoS) attack yet seen. A short while later OVH, a French internet hosting company, was struck by an even bigger attack. Then, in October, Domain Name Server (DNS) company Dyn – essentially a part of the ‘internet phone book’ which directs users to websites – also fell victim to an attack in which tens of millions of different internet addresses bombarded the company’s servers with excessive data, causing popular sites like Twitter, Spotify and Reddit to go offline.

The size of attacks has increased exponentially thanks to hackers and cyber criminals making use of the IoT. These devices – including the likes of webcams, Digital Video Recorders, and even fridges, toasters and pressure cookers – are typically designed to be quick and cheap to produce, and inherently have very poor levels of security. The majority run variants of the Linux operating system and many have very simple or default administrator username and password combinations, or use standard encryption tools where the ‘key’ is widely available on the internet. There are some with no security features at all. Worryingly, the end user can do little to prevent their use by cyber criminals and hackers, even if they were to become aware that their device has been compromised.
Other than turning it off and disconnecting it from any internet connection – which would pretty much leave the device as ‘dumb’, and remove the features they bought it for – there’s very little scope to prevent it from being recruited by hackers.

The risk posed stems from a piece of malware called ‘Mirai’ (Japanese for ‘the future’). Developed by a coder who goes under the pseudonym of ‘Anna-senpai’, Mirai turns computer systems running Linux into remotely controlled ‘bots’ that can be used as part of a ‘botnet’ in large-scale network attacks. Mirai was first unleashed on September 20, 2016, with attacks on the Krebs website reaching up to 620 Gbps. Soon after, OVH was hit with an attack which reached a staggering 1 Tbps. Both these attacks used in the region of 150,000 infected IoT devices, and produced volumes of traffic in DDoS attacks never seen before. It is thought Krebs was targeted as he has exposed an Israeli group called ‘vDOS’ operating on the ‘Dark Web’ that rented out DDoS attacks (known as ‘DDoS-as-a-Service’).

Soon after these attacks, the source code for Mirai was released on the Dark Web. This now gave other hackers and cyber criminals the opportunity to undertake massive DDoS attacks, which resulted in the Dyn incident. In a change of tactic, the hackers attempted to take down part of the key infrastructure of the internet rather than just focusing on a single website. This begs the question: Just how will DDoS attacks develop in 2017 and what will the future hold for internet security?

Source: http://www.itproportal.com/features/the-new-age-of-ddos-and-we-joked-that-toasters-would-one-day-take-down-our-banks/


Battlefield 1: Are servers up after DDoS attack by The Phantom Squad?

It seems that the servers of popular first-person-shooter game Battlefield 1 have fallen victim to an attack by a hacker group which is said to have resorted to a Distributed Denial of Service (DDoS) attack. Plenty of Battlefield 1 gamers have taken to social media forums to report that Battlefield 1 is unplayable. Therefore, you can let us know in case the game servers are offline and momentarily not allowing you to play Battlefield 1.

It seems that the mastermind of the latest attack on Battlefield 1 servers is the Phantom Squad, which has claimed responsibility for the attack. “We will be keeping Battlefield 1 servers down. We are waiting for starskids to have an autistic breakdown,” stated the hacker group in an official tweet.

At this juncture, developers Electronic Arts are yet to issue official comments on the reported DDoS attack on the Battlefield 1 servers by The Phantom Squad. Therefore, you are advised to check for the online game mode in Battlefield 1 and let us know if the game works for you. As soon as the Battlefield 1 servers were ‘attacked’, gamers took to micro-blogging site Twitter to vent their angst.

Source: http://www.ibtimes.co.in/are-battlefield-1-servers-after-ddos-attack-by-phantom-squad-can-you-play-game-now-708831


FBI Tries to Curb Young DDoS Hackers

In coordination with Europol’s European Cyber Crime Centre (EC3), the FBI conducted a series of interviews and arrests Dec. 5-9 aimed at reducing the number of young people acting as Distributed Denial of Service (DDoS)-for-hire hackers. “DDoS tools are among the many specialized cyber crime services available for hire that may be used by professional criminals and novices alike,” said Steve Kelly, FBI unit chief of the International Cyber Crime Coordination Cell (IC4). “While the FBI is working with our international partners to apprehend and prosecute sophisticated cyber criminals, we also want to deter the young from starting down this path.” Law enforcement agencies participated from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States, and the combined effort led to 34 arrests and 101 suspects interviewed and cautioned. The effort mainly targeted hackers under 20 who were suspected of paying for services that would maliciously flood an online target with so much data that users would be unable to gain access. The operation also marks the kick-start of a campaign in all participating countries to raise awareness of young people getting involved in cyber crime and to point those people toward positive outlets for their hacking skills. “Today’s generation is closer to technology than ever before, with the potential of exacerbating the threat of cyber crime,” said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3). “Many IT enthusiasts get involved in seemingly low-level fringe cyber crime activities from a young age, unaware of the consequences that such crimes carry. 
One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose.”

Europol also identified that young hackers are most likely to be responsible for crimes in which they hack to take control of, or information from, a computer, create or use malware and viruses, and carry out DDoS attacks. “No law enforcement agency or country can defeat cyber crime alone,” an FBI statement said. “This demands a collective global approach.”

Source: https://www.meritalk.com/articles/fbi-tries-to-curb-young-ddos-hackers/


Cryptocurrency exchange BTC-e resumes operations after DDoS attack

Leading cryptocurrency exchange BTC-e announced early on Thursday morning (around 5:30 am EST) that it was under a Distributed Denial of Service (DDoS) attack, CoinTelegraph reported. The website went offline after the attack and displayed a white page saying “DB connect error”. A DDoS attack tries to make an online service unavailable by flooding it with traffic from multiple sources. BTC-e soon resolved the issues and was back online within a few hours.

Earlier in January, BTC-e suffered another DDoS attack with its website offline for several hours, CoinTelegraph reported. The startup has been facing such attacks for almost two years now. In February 2014, it also suffered a DDoS attack. In addition, data breach monitoring service LeakedSource in September revealed that BTC-E.com suffered a major hack in 2014. It said that over 500,000 users of BTC-E.com were hacked in October 2014. The data contained usernames, emails, passwords, IP addresses, register dates, languages and some internal data such as how many coins the user had.

The cryptocurrency ecosystem is frequently facing DDoS attacks. In June 2016, BitGo Inc., a leading multi-sig bitcoin wallet provider, announced that it was under a Distributed Denial-of-Service (DDoS) attack. Another bitcoin startup, Coinkite Inc., decided to close its secure wallet service this year due to never-ending DDoS attacks.

Source: http://www.econotimes.com/Cryptocurrency-exchange-BTC-e-resumes-operations-after-DDoS-attack-454313


Parliament website brought down by DDoS attack ‘just ten minutes’

House of Representatives Secretary General Surasak Pianwej on Friday expressed confidence that the Parliament website has been effectively guarded against DDoS attacks, saying the attack by angry Internet users brought down the site for just ten minutes on Thursday night. Surasak dismissed a claim by the group “Citizens Against Single Gateway: Thailand Internet Firewall” that a DDoS attack organized by the group brought down the website for an hour at 8:55 pm Thursday. “The system went down just 10 minutes and it resumed,” Surasak said.

The group has urged Thai Internet users to join another DDoS attack at 2 pm Friday. Surasak said the officials will step up measures to prevent the attack. The group staged the attack after the National Legislative Assembly refused to abort the final reading of the new computer crime bill.

Source: http://www.nationmultimedia.com/news/breakingnews/30302233
