Author Archives: Enurrendy

Did your UK biz just pay £1,500 to stop a DDoS? You’ve been had

Empty threats from faux hackers doing the rounds again What kind of a grifter pretends he’s going to DDoS you? The kind that easily makes off with a lot of cash, it seems. “Hackers” who have been making empty DDoS threats while posing as the Armada Collective appear to have have moved on.…

Continued here:
Did your UK biz just pay £1,500 to stop a DDoS? You’ve been had

Anonymous Target Bank of Greece Website with Massive DDoS Attack

Anonymous shut down the bank of Greece website in a powerful DDoS attack — Vows to target more banks against financial corruption. The online hacktivist Anonymous recently relaunched operation OpIcarus directed towards banking sector in Europe and the United States — The first bank coming under the fire is the Bank of Greece who had their website under a series of distributed denial-of-service attacks ( DDoS ) forcing the servers to remain offline for more than 6 hours. OpIcarus is all about targeting banking and financial giants Anonymous’ Operation OpIcarus was launched in January 2016 and restarted in March 2016. The hacktivists behind the operation believe banks and financial giants are involved in corruption and to register their protest they had to take the war to a next level. In an exclusive conversation with one of the hacktivists behind the Greek bank DDoS attack, HackRead was told that: “The greek central bank has been offline all day. we would like all banks out there to know that unless they hold themselves accountable for their crimes against humanity that we will strike a new bank every single day and punish them #OpIcarus.” Source: https://www.hackread.com/anonymous-ddos-attack-bank-greece-website-down/ The hacktivists also released a YouTbe video revealing the reason and a list of banking websites that will be targeted. The list includes banking and financial institutions in Brazil, Bangladesh, China, USA, UK, Pakistan, Iran and several other countries.

Link:
Anonymous Target Bank of Greece Website with Massive DDoS Attack

Image bf7013cba9e2786cb7d5f8f48c37f5a2

Armada Collective Copycats Now Posing as Lizard Squad in DDoS Extortion Scheme

After terrorizing companies under the fake Armada Collective moniker, the same group appears to have switched to using the name of the infamous Lizard Squad hacking crew, CloudFlare reported today. Early this week on Monday, CloudFlare let everyone know there was a criminal goup sending out extortion emails to companies around the globe. The criminals were posing as Armada Collective , an infamous group known for carrying out DDoS attacks if victims didn’t pay a so-called “protection tax.” The crooks were basing their attacks on the victims googling their name and finding out about the tactics of the real Armada Collective. In fact, CloudFlare says it never saw a single DDoS attack carried out by this group against its targets. In another blog post today, CloudFlare says that three days after they exposed the group, the criminals dropped the Armada Collective name and started using Lizard Squad instead, another hacking crew, famous for downing the Xbox and PlayStation networks on Christmas 2014. The change was to be expected since extorted organizations that would google the Armada Collective name would see all the stories about the copycats instead. CloudFlare says that over 500 companies received extortion emails from this group claiming to be Lizard Squad and that all these emails were identical. As before, the group used one single Bitcoin address to receive payments. By using one Bitcoin address, the group would not be able to tell which companies paid the ransom and which didn’t, meaning this was almost sure the same group as before, launching empty threats once again. CloudFlare says that just like when claiming to be Armada Collective, the group never launched any DDoS attacks when posing as Lizard Squad. Below is a comparison of the two ransom notes received by companies, from the fake Lizard Squad group on the left, and from the fake Armada Collective group on the right. Source: http://justfreedownload.net/news/98693/armada-collective-copycats-now-posing-as-lizard-squad-in-ddos-extortion-scheme.html

See more here:
Armada Collective Copycats Now Posing as Lizard Squad in DDoS Extortion Scheme

DDoS aggression and the evolution of IoT risks

Few organizations globally are being spared DDoS attacks, according to a Neustar survey of over 1,000 IT professionals across six continents. With the bombardment fairly constant throughout 2015, it is no longer a matter of if or when attacks might happen, but how often and how long the attack will last. Faced with this ongoing onslaught, the report demonstrates that increasingly DDoS-defense savvy organizations are now arming themselves accordingly. The research results show that although … More ?

View the original here:
DDoS aggression and the evolution of IoT risks

Image 15689_Outage-costs3.png

The rising cost of DDoS

Data centers may be more reliable, but failures due to malicious attacks are increasing. Their cost is also rising, says Michael Kassner Some cost accountants would cringe at his methodology, but after a 2013 DDoS attack on Amazon, Network World journalist Brandon Butler took a simple route to come up with an attention-grabbing headline: “Amazon.com suffers outage – nearly $5M down the drain?” Did Amazon really lose this much money? Or did it lose more? Butler worked backward from the company’s reported quarterly earnings: “Amazon.com’s latest (2013) earnings report shows the company makes about $10.8 billion per quarter, or about $118 million per day and $4.9 million per hour.”  The DDoS outage lasted nearly an hour, hence the almost $5 million figure. That is a truly staggering amount to lose in one hour of unplanned maliciously-caused downtime. And Butler’s methodology seems logical on the surface. But could we get a more accurate idea of the actual cost? The Ponemon way of estimating If the Ponemon Institute is known for anything, it is the company’s diligence in providing accurate accounting of issues on the company’s radar – in particular security issues. Its areas of interest happen to include the cost of data center outages, which it covers in a regular report series. The executive summary of the latest, January 2016, report says: “Previously published in 2010 and 2013, the purpose of this third study is to continue to analyze the cost behavior of unplanned data center outages. According to our new study, the average cost of a data center outage has steadily increased from $505,502 in 2010 to $740,357 today (or a 38 percent net change).” To reach those conclusions the Ponemon researchers surveyed organizations in various industry sectors (63 data centers) that experienced an unplanned data center outage during 2015. Survey participants held positions in the following categories: Facility management Data center management IT operations and security management IT compliance and audit The Ponemon researchers used something called activity-based costing to come up with their results. Harold Averkamp at AccountingCoach.com describes activity-based costing as follows: “Activity-based costing assigns manufacturing overhead costs to products in a more logical manner than the traditional approach of simply allocating costs on the basis of machine hours. Activity-based costing first assigns costs to the activities that are the real cause of the overhead. It then assigns the cost of those activities only to the products that are actually demanding the activities.” Following Averkamp’s definition, Ponemon analysts came up with nine core process-related activities that drive expenditures associated with a company’s response to a data outage (see Box). It’s a detailed list, and includes lost opportunity costs. Key findings The research report goes into some excruciating detail, and significant real information can be gleaned from the survey’s key findings. For example, the maximum cost of a data center outage has more than doubled since Ponemon Institute started keeping track, from $1 million in 2010 to more than $2.4 million in 2016. Overall outage costs Source: Ponemon Institute “Both mean and median costs increased since 2010 with net changes of 38 and 24 percent respectively,” says the report. “Even though the minimum data center outage cost decreased between 2013 and 2016, this statistic increased significantly over six years, with a net change of 58 percent.” The report also found that costs varied according to the kind of interruption, with more complexity equalling more cost. “The cost associated with business disruption, which includes reputation damages and customer churn, represents the most expensive cost category,” states the report. The least expensive costs, the report says involve “the engagement of third parties such as consultants to aid in the resolution of the incident.” The Ponemon report looked at 16 different industries, and the financial services sector took top honors with nearly a million dollars in costs per outage. The public sector had the lowest cost per outage at just under $500,000 per outage. Primary causes of outages Source: Ponemon Institute Next, the Ponemon team looked at the primary cause of outages. UPS system failure topped the list, with 25 percent of the companies surveyed citing it. Twenty-two percent selected accidental or human error and cyber attack as the primary root causes of the outage. Something of note is that all root causes, except cyber crime, are becoming less of an issue, whereas cybercrime represents more than a 160 percent increase since 2010. One more tidbit from the key findings: complete unplanned outages, on average, last 66 minutes longer than partial outages. The Ponemon researchers did not determine the cost of an outage per hour; deciding to look at the price per outage and per minute, and how those numbers have changed over the three survey periods. The cost per outage results are considerably less than that reported for the Amazon incident, but an average of $9,000 per minute or $540,000 per hour is still significant enough to make any CFO take note. DDoS is not going away Data centers can only increase in importance, according to the Ponemon analysts, due in large part to cloud computing (30 percent CAGR between 2013 and 2018) and the IoT market (expected to reach 1.7 trillion dollars by 2020). “These developments mean more data is flowing across the internet and through data centers—and more opportunities for businesses to use technology to grow revenue and improve business performance,” write the report’s authors. “The data center will be central to leveraging those opportunities.” An interesting point made by the report is how costs continue to rise and the reasons for data center downtime today are mostly not that different from six years ago. The one exception is the rapid and apparently unstoppable growth in cyber attacks. The report authors are concerned about this very large increase in cyber attack outages, and they make a stark warning that the problem is not going away soon.   Components of cost: Detection cost Activities associated with the initial discovery and subsequent investigation of an outage incident. Containment cost Activities and associated costs that allow a company to prevent an outage from spreading, worsening, or causing greater disruption. Recovery cost Activities and associated costs related to bringing the organization’s networks and core systems back to normal operation. Ex-post response cost All after-the-fact incidental costs associated with business disruption and recovery. Equipment cost The cost of equipment, new purchases, repairs, and refurbishment. IT productivity loss The lost time and expenses associated with IT personnel downtime. USER productivity loss The lost time and expenses associated with end-user downtime. Third-party cost The cost of contractors, consultants, auditors, and other specialists engaged to help resolve unplanned outages. Lost revenues Total revenue loss from customers and potential customers because of their inability to access core systems during the outage. Business disruption Total economic loss of the outage, including reputational damages, customer churn, and lost business opportunities. Source: http://www.datacenterdynamics.com/security-risk/the-rising-cost-of-ddos/96060.article http://www.datacenterdynamics.com/magazine

Read More:
The rising cost of DDoS

Image armada-collective-scam-email-640x748.png

Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

In less than two months, online businesses have paid more than $100,000 to scammers who set up a fake distributed denial-of-service gang that has yet to launch a single attack. The charlatans sent businesses around the globe extortion e-mails threatening debilitating DDoS attacks unless the recipients paid as much as $23,000 by Bitcoin in protection money, according to a blog post published Monday by CloudFlare, a service that helps protect businesses from such attacks. Stealing the name of an established gang that was well known for waging such extortion rackets, the scammers called themselves the Armada Collective. “If you don’t pay by [date], attack will start, yours service going down permanently price to stop will increase to increase to 20 BTC and will go up 10 BTC for every day of the attack,” the typical demand stated. “This is not a joke.” Except that it was. CloudFlare compared notes with other DDoS mitigation services and none of them could find a single instance of the group acting on its threat. CloudFlare also pointed out that the group asked multiple victims to send precisely the same payment amounts to the same Bitcoin addresses, a lapse that would make it impossible to know which recipients paid the blood money and which ones didn’t. Despite the easily spotted ruse, many businesses appear to have fallen for the scam. According to a security analyst contacted by CloudFlare, Armada Collective Bitcoin addresses have received more than $100,000. “The extortion emails encourage targeted victims to Google for the Armada Collective,” CloudFlare CEO Matthew Prince wrote. “I’m hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat.” Source: http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/

Continue Reading:
Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

Website extortionists rake in over $100,000 without lifting a finger

‘Armada Collective’ threatens to carry out DDoS attacks, never actually attacks Reputation is everything in business: it appears a bunch of canny scammers have stolen the identity of a hacking squad to make some serious bank.…

See the original post:
Website extortionists rake in over $100,000 without lifting a finger

KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack

Anonymous Ghost Squad’s DDoS Attack Closes Down KKK Website The Anonymous vs. Ku Klux Klan (KKK) cyber war is well known to all of us. In continuation of that war, Anonymous affiliate Ghost Squad brought down one of major website belonging to the KKK members. In a series of powerful distributed denial-of-service (DDoS) attacks just a few hours ago, Anonymous has shut down the official website of Loyal White Knights of the Ku Klux Klan (KKK). Ghost Squad, the group said to be behind this attack works with the online hacktivist Anonymous. The reason for attacking the KKK is the “blunt racism” in the name of free speech. In an exclusive conversation with one of the attackers, HackRead was told that: “We targeted the KKK due to our hackers being up in their face, we believe in free speech but their form of beliefs is monolithic and evil. We stand for constitutional rights but they want anyone who is not Caucasian removed from earth so we targeted the KKK official website to show love for our boots on the ground and to send a message that all forms of corruption will be fought. We are not fascist but we certainly do not agree with the KKK movement. They are the Fascists and they are the Racists.” An error message “The kkkknights.com page isn’t working” is displayed for those visiting the website. KKK has not for the first time come under attacks by Anonymous. Earlier, the hacktivists disclosed personal information of KKK members. In October 2015, the group also carried out DDoS attacks on KKK’s website, as one of the Klan members apparently harassed a woman on Twitter. This is not it. In 2014, the official website of a Mississippi-based white supremacist organization “The Nationalist Movement” (nationalist.org) was also spoiled with messages like “Good night white pride.” The KKK Knights website is still offline across the world as shown in the screenshot below: Source: http://www.techworm.net/2016/04/kkk-website-shut-anonymous-ghost-squads-ddos-attack.html

Originally posted here:
KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack

Anonymous Launches DDoS attacks Against Denver Police Website Against Fatal Shooting

Anonymous NWH targets Denver police department domain with DDoS attack to register protest against the fatal shooting of 39-year-old Dion Avila An Anonymous-linked team of attackers called New World Hacking  (NWH)   has conducted a series of powerful distributed denial-of-service ( DDoS ) attacks on Denver city, county and police website earlier today forcing the site to go offline — The reason for targeting the site was last week’s (Tuesday 14th April)   police shooting in which Dion Avila Damon was allegedly killed inside his parked car near the Denver Art Museum. In an exclusive conversation with two of the NWH attackers (Sad Prophet and SinfulHazeCE) behind this attack, HackRead told that: “We see how Denver police don’t care so if they don’t care about killing and innocent; we don’t care about continuous attacks on Denver.” The attackers also hint for a database leak within a week or so depending on the response from Denver police department. However, Fox news reported that Police is investigating an officer-involved in the shooting. Remember, the NWH is the same group who claimed responsibility for shutting down Xbox online service , BBC news servers , HSBC UK’s online banking, the official website for Donald Trump’s election campaign, Salt Lake city Police and airport websites . At the time of publishing this article, the Denver police department website was down. Source: https://www.hackread.com/anonymous-shut-denver-police-website/    

View post:
Anonymous Launches DDoS attacks Against Denver Police Website Against Fatal Shooting

Anonymous whales on Denmark, Iceland with OpKillingBay DDoS

Anti-dolphin-munching mission DDoSed car-maker Nissan A pair of Akamai researchers are warning that entities using the name and iconography of hacker collective Anonymous will soon expand a six-year distributed denial of service (DDoS) attack campaign against Japan to other whale-and-dolphin-eating nations.…

Visit site:
Anonymous whales on Denmark, Iceland with OpKillingBay DDoS