Author Archives: Enurrendy

How CDSL’s CIO is way ahead in the fight against DDoS attack

As the threat of DDoS attack looms large on the enterprise, CDSL’s CIO, Joydeep Dutta, countered it ahead of time with his in-house DDoS protection. For the past few years, India Inc. and its IT teams have been in a constant state of war with malware, hackers, insidious employees and everything that is a threat to their information security. The only strategy applied—and it wasn’t an effective one—was to deal with the after effects of the attack. But one CIO believed in the age old adage: Prevention is better than cure, and secured the most critical applications of the company from DDOS attacks. “Today, not many companies have implemented in-house DDoS protection though it is the ideal way of preventing denial of service attacks. If done only at the network service provider through clean pipes, it doesn’t give full protection,” says Joydeep Dutta, group CTO, Central Depository Services Limited. According to a recent report released by Akamai, India stands in the fourth position for being the origin of non-spoofed DDoS attacks. Of all the attacks, 7.43 percent originated from the country. The project was therefore a high priority for Dutta as the company’s core depository application, electronic voting for company resolution and other critical applications were Web-based. Not wasting any more time, as the threat loomed large, Dutta implemented an in-house DDoS protection and Web Application Firewall for additional security above the capability of traditional network firewalls. “By implementing Web application firewall (WAF), the internet-facing applications which are part of the core applications for most organizations were additionally protected,” he says. Further explaining the project, Dutta says that the in-premises DDOS equipment is the first layer of defense in the on-premise infrastructure. All the other equipment such as ISP routers, firewalls etc; at customer premise, are underneath this. “A set of security modules including Denial-of-service (DoS) protection, Network Behavioral Analysis (NBA), Intrusion Prevention System (IPS), Reputation Engine and Web Application Firewall (WAF), fully safeguard networks, servers, and applications against known and emerging network security threats,” Dutta says. Another novel thing about the project was the built-in security event information management system which collects and analyzes events from all modules to provide enterprise-wide views. CDSL reaped huge benefits from the on-premise DDoS implementation. “It was easy to proactively monitor the security features of these devices to decide necessary actions to be taken,” he says. It was now easy to black-list the vulnerable IP list received regularly from NCIIPC. It was also possible to stop repeated attacks with the help of the device. Thus, Dutta set an example for his peers to follow by securing the organization against the looming security threats. You too get going. Source: http://www.cio.in/case-study/how-cdsl%E2%80%99s-cio-way-ahead-fight-against-ddos-attack

More:
How CDSL’s CIO is way ahead in the fight against DDoS attack

Denying the deniers: how to effectively tackle DDoS attacks

DDoS as an attack vector is on the rise: here’s how to stop it from stopping your business. Distributed Denial of Service (DDoS) attacks maybe as old as the hills but they continue to be a popular, and highly effective, attack vector for hackers. In the past couple of months alone we have seen a persistent  DDoS attack  on the UK academic computer network JANET, which was swiftly followed by one against cloud hosting company Linode, leading to service interruptions at DNS infrastructure and data centers across the U.S. and the U.K. Indeed, recent research released by Arbor Networks in its  Annual Worldwide Infrastructure Security Report  stated that DDoS attacks are on the rise, with half of the 354 global respondents’ data centers suffering DDoS attacks – a 33% increase from 2014. DDoS attacks have increased in frequency for some time – giving hackers a relatively uncomplicated method to bring a website down or disrupt a web service. Although DDoS attacks do not involve the stealing of data, they can be highly damaging in other ways, not least by affecting the trust and reputation that a company has among its customers. This can lead to financial damage through lost customers and lost business. Moreover, DDoS attacks can be used as a diversionary smokescreen for more aggressive attacks, as was the case with the recent  TalkTalk breach. So what can organisations do to help protect themselves against the threat of DDoS and mitigate the effects of such attacks? The first step is being able to quickly detect that you are under attack, and having a procedure in place to deal with it. Illegitimate traffic can be hard to distinguish from legitimate traffic, but the typical signs of a DDoS attack are a sharp increase in traffic to your website followed by a slowing down of performance (there are services that can continuously monitor your website’s responsiveness from an external point of view, such as Dynatrace and SolarWinds.) Once a DDoS attack is underway, you have a number of options in terms of dealing with the bombardment: ISP blocking and scrubbing – It is advisable to deal with the attack in an environment that’s removed from your network, to prevent it from affecting other areas of network performance. If you suffer a DDoS attack contact your internet service provider, as many offer DDoS protection services such as blocking the originating IP addresses or ‘scrubbing’ malicious packets. They will also probably have greater bandwidth than you and are therefore likely to be able to deal with the attack more efficiently and effectively. Blackholing – A common response to a DDoS attack is to simply route all website traffic into a black hole, thus taking the website offline until the attack ceases. The problem with this approach is that it blocks all traffic, both good and bad, which basically means that the hacker has achieved their objective. Routers and firewalls – You can set up routers and firewalls policies to filter non-critical protocols, block invalid IP addresses and shut off access to specific high-risk segments of your network in the event of an attack. However, be aware that these techniques are somewhat ineffective against more sophisticated attacks that use spoofing or valid IP addresses. Content delivery network – Using a content delivery network to create replicas of your website for customers in different locations can help reduce the impact of the DDoS attack as well as make the extra DDoS related traffic easier to combat. Anti-DDoS technology – Many of the leading firewall appliance vendors offer specialised anti-DDoS modules, that can be deployed at the perimeter of your network or data center, which are designed to detect and filter malicious traffic. However, these are not automated and need to be constantly managed and updated by your operations team. While there is no single ‘silver bullet’ solution that can stop a DDoS attack in its tracks once the traffic starts hitting your website, you can lessen its impact on your business by using a combination of the methods I’ve outlined here. As DDoS continues to be used as a cyber-weapon against websites and online resources, organisations should ensure that they have a response plan in place that includes these mitigation techniques, to help deny attempted denial-of-service attacks. Source: http://www.information-age.com/technology/security/123460891/denying-deniers-how-effectively-tackle-ddos-attacks#sthash.HM41ehWS.dpuf

Continue Reading:
Denying the deniers: how to effectively tackle DDoS attacks

Someone hijacked the Dridex botnet to deliver Avira AV's installer

After last September's arrest of an alleged member of the gang that has been developing and spreading the Dridex banking malware, and last October's temporary disruption of the Dridex botnet at the ha…

View post:
Someone hijacked the Dridex botnet to deliver Avira AV's installer

Mystery hacker pwns Dridex Trojan botnet… to serve antivirus installer

Ah, great. Ave AV Part of the distribution channel of the Dridex banking Trojan botnet may have been hacked, with malicious links replaced by installers for Avira Antivirus.…

View original post here:
Mystery hacker pwns Dridex Trojan botnet… to serve antivirus installer

Mystery hacker hijacks Dridex Trojan botnet… to serve antivirus installer

Ah, great. Ave AV Part of the distribution channel of the Dridex banking Trojan botnet may have been hacked, with malicious links replaced by installers for Avira Antivirus.…

Link:
Mystery hacker hijacks Dridex Trojan botnet… to serve antivirus installer

HSBC Calls In Cops To Chase DDoS Attackers Who Took Online Banking Down

HSBC said today it was working with local police to find those who disrupted its online banking services with a denial of service attack, as customers complained of not being able to access their accounts. The attack was made even more painful for customers as the last Friday of the month is a traditional payday in the UK, the home of HSBC. Little information was provided by HSBC other than a terse statement over Twitter: “HSBC UK internet banking was attacked this morning. We successfully defended our systems. “We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience.” A spokesperson told the BBC a denial of service attack was the cause of the downtime. A subsequent tweet revealed the police had been contacted: “HSBC is working closely with law enforcement authorities to pursue the criminals responsible for today’s attack on our Internet banking.” HSBC was hit by a distributed denial of service (DDoS), where infected machines fire an overwhelming number of data packets at a server to stop it working, most recently in 2012. That time the Anonymous hacktivist crew was believed to have carried out the hit. DDoS attacks in general have been causing havoc in recent months, as criminals have tried to extort targets, threatening to knock businesses offline unless a ransom was paid. Encrypted email provider ProtonMail was criticised for paying a ransom of $6,000 in Bitcoin at the end of 2015 to a DDoS extortionist crew called the Armada Collective. That group targeted other secure email providers Hushmail, Runbox and VFEMail. Anti-DDoS provider Arbor Networks reported earlier this month that the record for DDoS power hit a new peak in 2015, hitting 500Gbps. Numerous organizations had reported attacks in the 400Gbps-500Gbps range throughout 2015, Arbor noted. With so much power, and such easy money to be made with extortion attacks, no business appears immune from DDoS downtime. Professor Alan Woodward, a security expert from the University of Surrey, said an attack capable of taking down an entity like HSBC would need to be big. “In addition we’re seeing the emergence of techniques that mean that these attacks are circumventing some of the systems put in place to mitigate agains these attacks,” Woodward said. He also warned DDoS has been used as a “smokescreen” for other malicious activity in the past. “They want to tie up the technical departments, of which there is obviously a finite number, so that they might miss some unusual activity that would give away the fact that the hackers are breaches the corporate boundary.” Source: http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/2/#4eea0f825126 http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/#109a8cc451c2

Taken from:
HSBC Calls In Cops To Chase DDoS Attackers Who Took Online Banking Down

HSBC online services still offline following ‘attack’ on bank

Oh no – not again! Updated   HSBC customers were once again locked out of online banking this morning, following an apparent DDoS attack on the bank.…

Visit link:
HSBC online services still offline following ‘attack’ on bank

Two Arrested in DDoS Attacks Linked to Online Gambling Site Extortion

Last month’s arrest in Bosnia and Herzegovena of two individuals connected to the cyber-crime group DD4BC have been definitely linked to a series of DDoS extortion attacks over the past 18 months, many of which were targeted at online-gambling firms.  PokerStars and Betfair are among the various companies to have been targeted by the extortionists, who typically sought modest and largely-anonymous payments made in Bitcoins in exchange for ceasing the attacks. The DD4BC group, an acronym for DDoS (Distributed Denial of Service attack) For BitCoins, is a loosely organized group of online hackers and thieves who have congregated in some of the Internet’s darker, more anonymous holes.  The group’s widespread members share information and online weaponry in their attempts to extract payments from their targets.  Failure to provide payoffs by the group’s targeted victims typically results in intermittent and ongoing DDoS attacks, designed to flood the victim’s servers with meaningless online traffic, making normal business impossible. The arrests of the two unidentified individuals was announced by Europol earlier this month, with one of the two individuals described as being a leader of the informal DD4BC group.  These initial arrests were part of an international operation dubbed Operation Pleaides. According to the Netherlands-based Europol, which is the official intelligence agency of the European Union, “The action was initiated as part of a global law enforcement response against the criminal organisation. Key members of the organised network were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit (MPCCU) which provided vital information to the investigation. Police authorities from Australia, France, Japan, Romania, the USA, Switzerland and INTERPOL supported the coordinated activities. “Operation Pleiades resulted in the arrest of a main target and one more suspect detained,” the Europol statement added. “Multiple property searches were carried out and an extensive amount of evidence was seized,” indicating that more arrests of DD4BC members are likely in the coming weeks and months.  The actual “Operation Pleiades” action was initiated in Austria and included Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce. The operation slowly unwound the ghostly online tracks of the extortionists by examining “blockchain” entries for Bitcoin transactions related to the DDoS threats, plus other data linked to the group’s activities.  Bitcoin-based transactions are anonymous but not perfectly transparent, and can often be traced back to their originators using secondary means. The DD4BC attacks, which appear to have started in early 2014, have targeted several different business and government sectors.  Victims range from online gambling firms to Bitcoin exchanges and mining groups, to online banking and payment processors.  Even some government institutions have been targeted. Online-poker market leader PokerStars was confirmed as one the DD4BC extortion attempts in April 2015, amid information on the DD4BC attacks assembled by Arbor Networks, the security division of NetScout Systems, Inc.  Massachusetts-based NetScout appears to have assisted international authorities in identifying the perpetrators behind the hundreds of DD4BC attacks. In addition to PokerStars, Betfair is almost certainly another of the DD4BC group’s victims.  Betfair was also targeted last April in a DDoS attack strong enough to knock both its betting exchange and fixed-odds sportsbook offline.  The attack on the “unnamed online casino” (likely Betfair) began in earnest on April 10th, following an initial probing attack launched the day before, along with a demand for payment. The information amassed by Arbor Networks also includes many of the threats e-mailed by DD4BC members to their intended victims.  Here’s the e-mail that was sent to the “unnamed” casino company (likely Betfair), immediately following attacks against Stars and online payment processor NETeller: From: DD4BC Team [mailto:dd4bct@gmail.com] Sent: 10 April 2015 02:07 PM To Subject: Re: DDOS ATTACK! Hitting pokerstars.com at the moment. Good luck if you think you can stop what they can’t. But you still have time. On Thu, Apr 9, 2015 at 3:46 PM, DD4BC Team wrote: Hello, To introduce ourselves first: https://blogs.akamai.com/2014/12/dd4bc-anatomy-of-a-bitcoin-extortion-campaign.html http://bitcoinbountyhunter.com/bitalo.html http://cointelegraph.com/news/113499/notorious-hacker-group-involved-in-excoin-theft-owner-accusesccedk-of-withholding-info Or just google “DD4BC” and you will find more info. Recently, we were DDoS-ing Neteller. You probably know it already. So, it’s your turn! is going under attack unless you pay 20 Bitcoin. Pay to 18NeYaX6GCnibNkwyuGhGLuU2tYzbxvW7z Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400-500 Gbps, so don’t even bother. Right now we are running small demonstrative attack on your server. Don’t worry, it will stop in 1 hour. It’s just to prove that we are serious. We are aware that you probably don’t have 20 BTC at the moment, so we are giving you 48 hours to  get it and pay us. We do not know your exact location, so it’s hard to recommend any Bitcoin exchanger, so use Google. Current price of 1 BTC is about 250 USD. IMPORTANT: You don’t even have to reply. Just pay 20 BTC to 18NeYaX6GCnibNkwyuGhGLuU2tYzbxvW7z – we will know it’s you and you will never hear from us again. We say it because for big companies it’s usually the problem as they don’t want that there is proof that they cooperated. If you need to contact us, feel free to use some free email service. But if you ignore us, and don’t pay within 48 hours, long term attack will start, price to stop will go to 50 BTC and will keep increasing for every hour of attack. ONE MORE TIME: It’s a one-time payment. Pay and you will not hear from us ever again! Variations on the same extortion letter were sent to several other victims; this sample was distinct with the specific mentions of PokerStars and NETeller.  In addition to those two firms and the likely inclusion of Betfair, several other online-gambling companies are known to be targets of the group.  Those companies include Nitrogen Sports, Malta-based NRR Entertainment Ltd. (including slottyvegas.com and betatcasino.com), Betbtc.com, Redbet.com and others. It is also likely that last July’s DDoS attacks against several New Jersey (U.S.) online sites were the work of DD4BC extortionists.  Though those attacks are not referenced in the ASERT compilation, the July attacks are also outside the date range of most of the earlier attacks included in that report.  When the New Jersey attacks occurred, NJ Division of Gaming Enforcement director David Rebuck stated this about the perpetrator: “He’s a known actor. He’s done this before.” While DD4BC seems likely to be peeled open by international invetigators, DDoS-based extortion attempts aren’t going to go away.  The reason is that the tools needed to launch such attacks are too cheaply and commonly available to would-be cyber-attackers.  As a result, the best defense remain vigilance, rapid response… and robust Internet connectivity. According to Wil van Gemert, Europol’s Deputy Director of Operations, “Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage. Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.” Source: http://www.flushdraw.net/news/misc/two-arrested-in-ddos-attacks-linked-to-online-gambling-site-extortion/

Excerpt from:
Two Arrested in DDoS Attacks Linked to Online Gambling Site Extortion

Israeli academics claim they can predict botnet attacks

Isolated attacks can add up to concerted malbot action , say boffins Ben Gurion University researchers have developed a tool capable of predicting future botnet attacks while also distinguishing between human and automated campaigns.…

Read More:
Israeli academics claim they can predict botnet attacks