Instead of just encrypting data files on a workstation (plus any network drive it can find) and locking the machine, a new variant of the Cerber ransomware is now adding a DDoS bot that can quietly blast spoofed network traffic at various IPs, according to KnowBe4. This is the first time DDoS malware has been bundled within a ransomware infection. It means that while the victim is unable to access their endpoint, that same endpoint …
If your Netflix password is your banking password, you’ll get what you deserve
The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks.…
In May 2016, the Special Investigations team at Forcepoint revealed the existence of a botnet campaign that is unique in targeting a very small number of individuals while, in tandem, herding thousands of victims into general groups. The discovery, known as Jaku, offers vital insight into the workings and characteristics of a botnet, as well as specific understanding of a targeted attack that differs from the scattergun approach of broader botnet activities. It also sheds …
A Japanese teenager was charged on May 11 for allegedly launching a DDoS attack against the Osaka Board of Education, which shut down 444 school websites. The 16-year-old faces obstruction of business charges for the attack, which was carried out last November, and marked the first time in Japan’s history that a cyber attack was launched against a local government, according to Japan Today. The teen said he launched the attack to remind his teachers “of their own incompetence,” according to the publication. The student reportedly told police he wanted to join the hacking collective Anonymous and that he didn’t know that schools other than his own would be impacted. He faces up to three years in prison and a 500,000 yen fine. Source: http://www.scmagazine.com/japanese-teen-launches-massive-ddos-attack-to-remind-teachers-they-are-incompetent/article/496756/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineHome+%28SC+Magazine%29
Enlist phones in ad fraud, premium SMS, loser DDoS
Malicious Android applications have bypassed Google’s Play store security checks to enslave infected devices into distributed denial of service attack, advertising fraud, and spam botnets.…
Better the devil you know as malware replaces Alphabet ads with less sanitary banners
About a million computers have been enslaved into a newly-identified botnet that is plundering Google advertising revenues, a security trio says.…
Anonymous has joined forces with GhostSquad to launch successful cyberattacks on eight international banks that were forced to shut down their websites. The hacktivist collective, alongside the hacker group GhostSquad, has launched a new operation called Op Icarus which aims to punish corrupt banks and individuals in the financial sector. So far the Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, the Central Bank of Maldives and the Dutch Central Bank were all offline for a brief period on May 6 after being hit with distributed denial of service (DDoS) attacks. A day later, the National Bank of Panama and the Central Bank of Kenya were hit with cyberattacks, followed by the Central Bank of Bosnia and Herzegovina and the Central Bank of Mexico, which were taken offline as a result of DDoS attacks. All eight of the international banks that have been targeted by Op Icarus have managed to bring their systems back online. Anonymous did send a warning to the banking community in the form of a video that was posted on May 4 which said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous”. Members of the group also reportedly told the site Hack Read that: “The National Bank of Panama was a special target considering the importance of the Panama leaks. We want to make sure the corrupt elite named in the papers would be punished one day”. With the addition of the cyberattack against the Central Bank of Greece and the Central Bank of Cyprus, Anonymous has now launched 10 attacks on international banks on its list of 160 potential banks that could be targeted by its members. Anonymous has planned Op Icarus to be a month-long campaign against the banking industry as a whole.
The US Federal Reserve Bank, the IMF, the World Bank, the New York Stock Exchange and the Bank of England are all listed by the group as potential targets and with more than half of the campaign’s allotted time remaining, this will most likely not be the group’s grand finale. Source: http://betanews.com/2016/05/12/anonymous-op-icarus/
A security researcher at SANS Technology Institute put out an advisory around 8 months ago when he discovered that WordPress’s “pingback” functionality can be abused to make a WordPress site send a request to any server that an attacker wishes. This means that there are thousands of WordPress installations that can effectively be weaponized to flood any target site. This particular attack is dangerous because many servers can be overwhelmed with only 200 blogs “pingbacking” their site, clogging up their limited connections and/or resources.

To confirm whether you are under a WordPress pingback DDoS attack, check your access logs:

    $ sudo tail -f /var/log/apache2/access.log

Logs will look like this:

    184.108.40.206 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.mtbgearreview.com"
    220.127.116.11 - - [09/Mar/2014:11:05:27 -0400] "GET /?4758117=5073922 HTTP/1.0" 403 0 "-" "WordPress/4.4; http://i-cttech.net"
    18.104.22.168 - - [09/Mar/2014:11:05:27 -0400] "GET /?7190851=6824134 HTTP/1.0" 403 0 "-" "WordPress/3.8.1; http://www.intoxzone.fr"
    22.214.171.124 - - [09/Mar/2014:11:05:27 -0400] "GET /?3162504=9747583 HTTP/1.0" 403 0 "-" "WordPress/2.9.2; http://www.verwaltungmodern.de"

To block WordPress pingback attacks in Apache, use this configuration:

    $ sudo nano /etc/apache2/apache2.conf

    # Placeholder path: replace with your site's document root
    <Directory "/path/to/docroot">
        Options -Indexes
        AllowOverride All
        Require all granted
        # Tag any request whose User-Agent contains "WordPress" (case-insensitive)
        BrowserMatchNoCase WordPress wordpress_ping
        # Refuse tagged requests (2.2-style directives; on Apache 2.4 they need mod_access_compat)
        Order Deny,Allow
        Deny from env=wordpress_ping
    </Directory>

Source: https://sherwinrobles.blogspot.ca/2016/05/protect-your-apache-server-wordpress.html
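A log check for the pattern in the access-log lines above, as an added example that is not part of the original post: it parses Apache combined-format lines, groups hits by the blog URL carried in the WordPress User-Agent, and flags a flood when several distinct blogs show up. The sample lines, addresses, host names and the `min_reflectors` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample (documentation-range IPs, placeholder blog hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://blog-a.example"
198.51.100.7 - - [09/Mar/2014:11:05:27 -0400] "GET /?4758117=5073922 HTTP/1.0" 403 0 "-" "WordPress/4.4; http://blog-b.example"
203.0.113.5 - - [09/Mar/2014:11:05:28 -0400] "GET /?7190851=6824134 HTTP/1.0" 403 0 "-" "WordPress/3.8.1; http://blog-c.example"
192.0.2.10 - - [09/Mar/2014:11:05:28 -0400] "GET /?3162504=9747583 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://blog-a.example"
192.0.2.99 - - [09/Mar/2014:11:05:29 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
truncated line that is not a log entry
"""

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# User-Agent shape seen in the log lines above: "WordPress/<version>; <blog URL>"
PINGBACK_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<blog>https?://[^\s;]+)', re.I)

def summarize(log_text, min_reflectors=3):
    """Count pingback-style hits per blog and per minute (threshold is an assumption)."""
    reflectors, per_minute, other = Counter(), Counter(), 0
    for line in log_text.splitlines():
        entry = LINE_RE.match(line.strip())
        if entry is None:
            continue  # ignore malformed or truncated lines
        ua = PINGBACK_UA_RE.match(entry["ua"])
        if ua is None:
            other += 1
            continue
        reflectors[ua["blog"].lower()] += 1
        per_minute[entry["ts"][:17]] += 1  # bucket key "dd/Mon/yyyy:HH:MM"
    return {
        "pingback_hits": sum(reflectors.values()),
        "other_hits": other,
        "reflectors": reflectors,
        "peak_per_minute": max(per_minute.values(), default=0),
        "suspected_flood": len(reflectors) >= min_reflectors,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["pingback_hits"], "pingback hits from", len(report["reflectors"]), "blogs")
    for blog, hits in report["reflectors"].most_common():
        print(f"  {hits:4d}  {blog}")
    print("suspected flood:", report["suspected_flood"])
```

To run it on a real log, pass the file's contents to `summarize`. The User-Agent is supplied by the client, so both this check and the Apache rule above only catch traffic that announces itself as WordPress.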
Five apps on Google Play carry Viking Horde, a new malware family that ropes Android devices into an ad-clicking botnet, but can also make them send out spam, send SMS messages to premium-rate numbers, download additional apps, and even participate in DDoS attacks. The discovery was made by Check Point researchers, and they notified Google about it on May 5, but as I’m writing this, the apps are still available on Android’s official app …
Like any business initiative, good preparation and planning can go a long way toward making the DDoS response process as manageable, painless, and inexpensive as possible. Read the DDoS Response Playbook and find out: how you can effectively plan and execute your DDoS response plan; what the best practices are for choosing and setting up the right mitigation solution for your organization; and what the steps and procedures are for authoritatively responding to a DDoS attack. DDoS …