Now ZyXEL and D-Link routers from Post Office and TalkTalk under siege Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so.…
The website was offline for roughly four hours on 1 December. Whistleblowing website WikiLeaks suffered a mysterious outage on the morning of 1 December for roughly four hours, two days after posting its release of a searchable database of 60,000 emails from US government contractor HBGary. The website reportedly went down at around 4:00am (GMT), with some social media users quickly speculating it was the result of yet another distributed-denial-of-service (DDoS) assault – a form of cyberattack that sends waves of traffic at a web server in order to force it offline. By 9:00am (GMT) the website had fully resurfaced. “WikiLeaks is offline. Page no longer exists?!” one user wrote. Another said: “@WikiLeaks is down right now. Could be DDoS attack.” Meanwhile, a well-known account linked with Anonymous added: “Rule 41 happens and the first thing that goes down? WikiLeaks, of course, is currently unreachable.” Rule 41 is the newly-passed law in the US that permits the FBI and other agencies to conduct hacking-based investigations on multiple computers with a single warrant. Despite the claims of Anonymous, there is nothing to suggest it was related to any problems with WikiLeaks’ website. IBTimes UK contacted WikiLeaks for comment however had received no response at the time of publication. The outage comes after a slew of politically-charged leaks from the Democratic National Committee (DNC) and the personal email inbox of John Podesta, a close aide to Hillary Clinton. In October, Julian Assange, the founder of the organisation, claimed that unknown forces within the “DC establishment” had attempted to disrupt WikiLeaks’ operations via cyberattack after it released a collection of emails from the DNC. “The US DC establishment – which believes that Hillary Clinton will be the winner of the election – tried to find different ways to distract from our publications,” he said at the time, adding: “They started attacking our servers with DDoS attacks and attempted hacking attacks.” Later, on the morning of 7 November, after publishing 8,000 more DNC emails, WikiLeaks issued a series of updates to its four million-strong follower base about yet another attack. It said: “ WikiLeaks.org was down briefly. That’s rare. We’re investigating.” Later, it added: “Our email publication servers are under a targeted DoS attack.” Most recently, Assange renewed his effort to be allowed to exit the Ecuadorian embassy in London after a United Nations (UN) panel reinforced an earlier ruling that he was being arbitrarily detained. The decision came down after an appeal by the UK government. “Now that all appeals are exhausted I expect that the UK and Sweden will comply with their international obligations and set me free,” Assange said in a statement. “It is an obvious and grotesque injustice to detain someone for six years who hasn’t even been charged with an offence.” Source: http://www.ibtimes.co.uk/wikileaks-website-suffers-mysterious-outage-sparking-rule-41-hacking-conspiracy-1594392
Forbes’ Thomas Fox-Brewster recently reported on a DDoS-for-hire tool. For $7500, anyone who wanted to cause a little online mayhem could rent an army of 100,000 bots. Its controllers boasted that the Mirai-based botnet could unleash attacks of 1 Terabit per second or more. Now there’s a new DDoS service that’s powered by four times as many bots. 400,000 of anything sounds like a lot, but how big is that in botnet terms? A security researcher who goes by the handle MalwareTech told Bleeping Computer’s Catalin Cimpanu that this new Mirai botnet is larger than all other the Mirai botnets combined . It’s being actively promoted on the Dark Web, and its handlers are even willing to give free demonstrations of its considerable capabilities to potential customers. You don’t have to rent all 400,000 bots if you don’t want to. A customer can specify how many bots they want to rent for an attack, the duration of the attack, and the length of the “cool-down period” they’re willing to accept so the bots don’t get overtaxed. Prices are adjusted accordingly, a Bitcoin payment is made, and customers are given an Onion URL to access the botnet’s controls so they can launch their attack. Access to a service like this doesn’t come cheap. Cimpanu was quoted $3,000 to $4,000 to utilize 50,000 bots for a two-week attack with 1-hour bursts and a 5-10 minute cool-down. Apart from the massive number of bots this Mirai botnet has at its disposal, Cimpanu notes something else that differentiates it from the others. This botnet has the ability to circumvent certain DDoS mitigation techniques. Its creators have given it the ability to broadcast fake IP addresses, which makes the attacks much more difficult to disrupt. It also has one prominent attack under its belt already: the one last month that targeted a mobile telecom provider’s network in Liberia. Though reports after the fact showed that the whole country was not ever knocked completely offline, this botnet definitely seems to have the capacity to make that happen. Aimed at the right servers, a fraction of its 400,000 bots can cause widespread disruptions. Just look at what a single gamer with money to burn and an axe to grind with the Playstation Network did to Internet users all over the east coast this month. Source: http://www.forbes.com/sites/leemathews/2016/11/29/worlds-biggest-mirai-botnet-is-being-rented-out-for-ddos-attacks/#5a31b930465a
A cyber-attack took the European Commission’s services offline on Thursday, although it is thought hackers didn’t gain access to any systems and no data was compromised. According to Politico , internet services at the EC were down for several hours on Thursday afternoon following a DDoS attack. An email sent to EC staff said that a DDoS attack “resulted in the saturation of our internet connection.” Although DDoS attacks are often used as a decoy by cyber-criminals to deflect attention away from a different type of attack, there is no evidence that’s the case here. “No data breach has occurred,” the EC said in a statement sent to Politico . “The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time.” Despite the EC’s claim that there was no interruption to its services, one staff member told Politico that the internet connection went down for several hours on two separate occasions, stopping employees from getting work done. There is no indication at the moment who carried out the attack or what the motivation was. The EC is, however, bracing itself for further trouble as DDoS attacks often come in waves. The EC and the European Union (EU) are dealing with a number of cyber-related issues at the moment. Top of the agenda is the potential impact of Brexit on cybersecurity across the region, as well as incoming data protection laws. The European General Data Protection Regulation (GDPR) comes into force in May 2018, but there is plenty of work ahead for businesses and governments before that deadline. Source: http://www.infosecurity-magazine.com/news/european-commission-hit-by-ddos/
DUBLIN, Ireland – In yet another Distributed Denial of Service (DDOS) attack by hackers reported in Ireland, the country’s biggest telco said that its email system suffered a suspected attack. The attack, suspected to be a DDOS attack, which is a malicious attempt to make a server or a network resource unavailable to users is said to have put 400,000 of Eir users at risk. Customers with @eircom.net addresses reportedly began experiencing problems accessing their mail following the suspected attack. Following the reports, Eir said it noticed the issue and immediately began its mitigation process. A DDOS attack usually is launched by interrupting or suspending the services of a host connected to the internet. Reports quoted an Eir spokesman as saying that a majority of its customers should be able to access their emails accounts again. The spokesperson even said that the firm had received no contact with any hackers or any ransom demand. According to reports, users might still face issues even as the mitigation process continues to scan through IP addresses to sort out the genuine ones from those that might have been part of an attack. Source: http://www.bignewsnetwork.com/news/249745895/suspected-ddos-attack-on-eir-email-system-might-have-put-400000-users-at-risk
The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats. We all know that attacks against hospitals are increasing, but according to security experts, ransomware and DDoS attacks are just the start. The report, compiled with the help of infosec officers from several European hospitals and consultants and … More ?
Black Friday will be a big day for retailers — and hopefully for all the right reasons. Some of the biggest shopping days of the year are upon us. But while retailers are focused on ensuring that they cope with huge peaks in online and in-store sales, are they as prepared as they need to be to defend against major distributed denial of service (DDoS) attacks? Avoiding a cyber-crime catastrophe Black Friday is here (along with the increasingly popular Cyber Monday). As ever, crowds of shoppers will flock to retailers’ stores and websites in search of rock-bottom prices. And this will mean a huge increase in sales for both physical and online stores. Black Friday may be a sales bonanza but it’s also a period of high vulnerability that criminals could exploit to maximise the threat to a retailer’s business. With Christmas sales accounting for a sizeable chunk of most retailers’ annual revenues, from a criminal’s perspective, there could hardly be a better time to launch a cyber attack. What’s more, with systems already creaking under the load of peak volumes, it might not take much of a straw to break the camel’s back. The last thing a retailer wants is for their business to spectacularly and very visibly come to a sudden halt because they can’t defend against and mitigate a major distributed denial of service (DDoS) attack. Retailers face a growing threat Talk of cyber attacks are more than mere scaremongering – the threat is very real. For example, in September, the release of the Mirai code — a piece of malware that infects IoT devices enabling them to be used for DDoS attacks — opened a Pandora’s box of opportunities for ruthless cyber entrepreneurs who want to disrupt their target markets and exploit the vulnerabilities and weaknesses of companies who honestly serve their customers. This code gives criminals the ability to orchestrate legions of unsecured Internet of Things (IoT) devices to act as unwitting participants in targeted DDoS attacks. These objects could be anything from domestic hubs and routers, to printers and digital video recorders — as long as they’re connected to the internet. The latest large DDoS attacks have used botnets just like this — proving that the bad guys are multiplying and, perhaps, gearing up for bigger things. Prevention is better than the cure There are no easy answers to the question of how to secure IoT smart devices — especially at the ‘budget conscious’ end of the market. That’s why we expect that these DDoS attacks will continue to proliferate, meaning that targeted DDoS attacks of increasing scale and frequency will almost certainly occur as a result. So how can retailers defend themselves against the threat of an attack on Black Friday? Organisations have to use a combination of measures to safeguard against even the most determined DDoS attack. These include: Limiting the impact of an attack by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer and authenticating valid traffic at the network edge. Choosing an ISP that connects directly to large carriers and other networks, as well as internet exchanges — allowing traffic to pass efficiently. Employing the services of a network-based DDoS provider — with a demonstrable track record of mitigating DDoS attacks and sinking significant data floods. This will safeguard specific IP address ranges that organisations want to protect. Black Friday will be a big day for retailers — and hopefully for all the right reasons. But in an increasingly digital world, consideration needs to be given to the IT infrastructure that underpins today’s retail business and the security strategy that protects it. Source: http://www.itproportal.com/features/three-ways-to-prevent-a-ddos-disaster-this-black-friday/
While businesses are preoccupied solving DDoS attacks, hackers go in the back door to do some looting. Distributed denial of service (DDoS) attacks make a lot of noise, and according to a new Kaspersky Lab report, that’s exactly what hackers are using them for. As businesses are preoccupied solving DDoS attacks, hackers use the opportunity for another, more targeted and more deadly type of attack. Basically, DDoS is nothing more than a smokescreen. The conclusion comes in Kaspersky Lab’s report which polled businesses about their cybersecurity experiences, and more than half (56 per cent) say DDoS is being used as a smokescreen. In more than a quarter (29 per cent) of attacks, DDoS has been part of the tactics. Another quarter (26 per cent) said when they lost data due to a targeted attack, they were also hit by DDoS. “DDoS prevents a company from continuing its normal activities by putting either public or internal services on hold,” said Kirill Ilganaev, Head of Kaspersky DDoS Protection. “This is a real problem to businesses and it is often ‘all hands on deck’ in the IT team to try and fix the problem quickly so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.” The usual tactics include exploiting mobile devices, phishing scams, or even malicious activity from insiders. “The research shows us that DDoS attacks are often aligned with other threats. Businesses therefore need to be aware of the full threat landscape and prepared to deal with multiple types of criminal activity at any one time,” Ilganaev continued. “Failure to do this could increase the collateral damage, on top of already significant losses caused by downtime and the resulting impact on reputation. Businesses need to use a reliable DDoS protection service to reduce the risk of DDoS and help staff concentrate their efforts on protecting the business from any threats that can be hidden as a result.” Source: http://www.itproportal.com/news/ddos-often-used-as-a-diversion-tactic/
Many organizations today are not equipped to defend against traditional cyberattacks, as demonstrated by the ever-increasing numbers of successful breaches reported daily – the Privacy Rights Clearinghouse’s latest number is 900,875,242 records breached in 5,165 attacks over the past decade – and that’s U.S. only. Even the largest companies appear to be less equipped to deal with more sophisticated cyberattacks, like the latest IoT-based Mirai DDoS attack or the attacks detected months or years after … More ?