A distributed denial of service (or DDoS) attack is an attempt to take a website offline by overwhelming it with internet traffic.
Read More:
VIDEO: What is a DDoS attack?
Author Archives: Enurrendy
Customers of large NZ website company Zeald have been hit by DDoS attack
Customers of a large New Zealand website design company have had their websites shut down due to a cyber attack believed to target one or more of the company’s customers. Customers of Zeald were informed on Thursday that some clients had experienced outages with their websites in recent weeks. The company, formed in 2001, with thousands of customers in New Zealand and Australia, has told clients the outages were caused by Distributed Denial of Service (DDoS) attacks. These attacks attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They present a major challenge to making sure people can publish and access important information. “Simply put, a DDoS attack simulates millions of computers trying to access a website at the same time. This puts tremendous stress on the online infrastructure, and can make access to a website difficult, or impossible,” the company said in its email. “We believe these attacks are targeted at one of our customers,” it said. It said the attacks were difficult to resolve and were a rapidly expanding class of security attack. They did not involve ‘hacking’ and did not lead to the loss of confidential information, but they made it impossible to access a site. “They can be created by attackers with limited technical skill but options for dealing with them are extremely limited”. “Working with our upstream providers, we have been able to stop these attacks temporarily by blocking international traffic. Unfortunately, these attacks keep resuming and are no longer isolated to international traffic alone. These attacks are also causing major issues for our upstream providers as well as the other websites and services that they provide,” it said. “If you have experienced any kind of extortion attempt or communication threatening an attack like this please let us know. Any feedback regarding recent threats will be treated in the strictest confidence. If we know the target of the attack there are measures we can put in place to eliminate the problem”. Source: http://www.stuff.co.nz/technology/77539929/customers-of-large-nz-website-company-zeald-have-been-hit-by-cyber-attack
Excerpt from:
Customers of large NZ website company Zeald have been hit by DDoS attack
OPSEC mistakes spill Russian DDoS scum’s payment secrets
$66 a pop, if you’re the sort who pays for these things OPSEC mistakes by a cybercrook have allowed security researchers to estimate the revenue of a Russian DDoS booter merchant.…
View article:
OPSEC mistakes spill Russian DDoS scum’s payment secrets
F2Pool Suffers from Series of DDoS Attacks
F2Pool, a Chinese mining pool also referred to as Discus Fish, which holds the largest share of the Bitcoin network’s hashrate at 26%, has been experiencing a series of extreme DDoS attacks. The attacks began to target the F2Pool Bitcoin mining pool almost immediately after the F2Pool team announced their decision to “test” Bitcoin Classic by launching a subpool in which miners can mine Bitcoin Classic blocks. Peter Todd and other Bitcoin experts requested the hackers and the individuals behind the series of DDoS attacks to terminate them immediately, as they are delaying the mining pools and companies to reach a consensus on the block size debate. Whomever is DoS attacking f2pool please stop. You’re only making it harder to come to consensus.https://t.co/GoicJNhcMY — Peter Todd (@petertoddbtc) February 25, 2016 Behind the DDoS attack Some bitcoin enthusiasts and supporters of Bitcoin Classic claim that the attacks have been directed and paid for by Bitcoin Core supporters, and its developers, to forcefully cause Bitcoin Classic nodes to become inoperable. A hacker, or a hacking group, that goes by the online alias botneko-chan stated on a forum that they have been paid to launch professional DDoS attacks on F2Pool’s Bitcoin Classic subpools. “Just paid, I’m professional ddoser lol. Don’t know why someone want to bring it down. Maybe increasing block size will decrease miners profit? I’m using bitcoin a lot but don’t care about it’s politics too much, XT had too fast block size grow rate which looks unrealistic to me. I think BIP100 is okay since it allows voting and also bitcoin unlimited also seems like good idea and looks simpler for me. If classic will fork to 2mb blocksize and it would be not enough then what? Next hard fork? I think protocol should support miner voting by design,” the hacker himself said on Reddit. Jonathan Toomim, the leading developer and founder of Bitcoin Classic, further explained that Chinese miners and mining pools are quite skeptical towards Bitcoin Classic as they prefer not to change pool information on their hardware to adopt the 2 megabyte hard fork. “Actual miners are lazy,” said Toomim. “They don’t like to change pool information on their hardware very often, because that would require logging into each of your machines and copy-pasting in new data to a web form and clicking submit. A typical mining farm will have hundreds to tens of thousands of these machines. The approach that Slush is taking is different. Rather than requiring users to reconfigure each machine, Slush is giving users a way to switch all of their hardware between Classic and Core by clicking on one button on Slush’s website. This should result in much faster changes.” As of now, leading bitcoin mining pools, including Antpool, F2Pool and BitFury, are supporting the roadmap and development of the Bitcoin Core development team. Source: http://cointelegraph.com/news/f2pool-suffers-from-series-of-ddos-attacks
View post:
F2Pool Suffers from Series of DDoS Attacks
Repeat DDoS and web application attacks become the norm
Akamai Technologies has shared the latest DDoS and web application attacks numbers in its Q4 2015 State of the Internet report. DDoS attack activity at a glance During Q4, repeat DDoS attacks were the norm, with an average of 24 attacks per targeted customer in Q4. Three targets were subject to more than 100 attacks each and one customer suffered 188 attacks – an average of more than two per day. During Q4, Akamai mitigated … More ?
Visit site:
Repeat DDoS and web application attacks become the norm
DDoS attacks up 149 percent as brassy booter kids make bank
Akamai report finds surge in weighty packets. The number of distributed denial of service attacks rose 149 percent in dying months of 2015 according to Akamai’s networking wonks.…
Continue Reading:
DDoS attacks up 149 percent as brassy booter kids make bank
You don’t need a website to get hit by DDoS
Just because your business doesn’t have a website, that doesn’t mean it can’t be a victim of a DDoS (distributed denial of service) attack. This sentence might not make much sense at this point, but keep reading. Security firm Kaspersky Lab and researchers B2B International looked at what cyber-crooks go for when attacking businesses and enterprises, and here’s what they came up with: Last year, 16 per cent of companies (globally), were victims of a DDoS attack. Among enterprises, the percentage jumps up to 24. For most, external activities, such as websites, were targeted. Among half, websites had been hit, logins and portals were attacked in 38 per cent of cases, while communications services were attacked 37 per cent of times. Transactional systems had been affected in 25 per cent of cases. But also, in 25 per cent of cases, file servers had been hit, and 15 per cent said their operational systems were targeted. Another 15 per cent said a DDoS attack hit their ISP network connectivity. “It’s important to take a DDoS attack seriously. It’s a relatively easy crime to perpetrate, but the effect on business continuity can be far-reaching. Our study found that alongside the well-publicised impact of an attack, such as website downtime, reputational damage and unhappy customers, DDoS hits can reach deep into a company’s internal systems. It doesn’t matter how small the company is, or whether or not it has a website; if you’re online, you’re a potential target. Unprotected operational systems are just as vulnerable to a DDoS attack as the external website, and any disruption can stop a business in its tracks,” said Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab. Source: http://www.itproportal.com/2016/02/29/you-dont-need-a-website-to-get-hit-by-ddos/
See the original article here:
You don’t need a website to get hit by DDoS
Google punts freebie DDoS shield to hacks, human rights worthies
Reverse proxying traffic might save headaches Google has launched a free service to protect news websites against DDoS attacks.…
See the original article here:
Google punts freebie DDoS shield to hacks, human rights worthies
Project Shield: Latest Google product could protect start-up websites from hacker DDoS attacks
On 24 February, Google and its parent company Alphabet opened the doors to Project Shield, a service designed to protect independent news websites with controversial geopolitical messages from distributed denial-of-service (DDoS) attacks. The project, which originates from the Google Ideas branch that was recently extended and rebranded as Jigsaw, has come out of an invite-only beta and is now freely available to any website not owned by a government or political party that passes through the application process. According to a Wired report, sites that have successful applications to the project will then be able to change their site’s domain name configuration which so that it redirects to a Google server. This server effectively creates a “reverse-proxy”, which then filters out malicious traffic. Google claims in an accompanying video (below) that decision to help independent websites from suffering the wrath of hackers is to reduce forced censorship, via online blackouts, for those sites that are delivering sensitive news in regions of political turmoil and/or upheaval. An example given for an early case of Project Shield’s use covers how Yahyanejad, the editor-in-chief of Balatarian.com , managed to take advantage of Google’s system to effectively null a swathe of DDoS digital strikes presumed to be intended to suppress the site’s coverage of the 2009 Iranian presidential election. “Just about anyone who’s published anything interesting has come under an attack at some point,” said Project Shield lead George Conard. “The smaller and more independent voices often don’t have the resources, whether technical or financial, to really put good protections in place…That’s where we come into the picture.” The catch, however, could be a deal breaker for some, despite the obvious positives of the service. While Alphabet executive director Eric Schmidt talks of using Jigsaw-produced schemes as being purpose-built to enable “technology to tackle the toughest geopolitical challenges,” any website making use of Project Shield is required to give Google access to its raw data logs on who is accessing the site itself. While this may cause privacy concerns, the company confirmed to Wired that the data logs will only be kept for a maximum of two weeks. Project Shield product manager CJ Adams said: “We’ve made it very explicit we don’t have the rights to commercialise anything that comes through.” Source: http://www.ibtimes.co.uk/project-shield-latest-google-product-could-protect-start-websites-hacker-ddos-attacks-1546036
Originally posted here:
Project Shield: Latest Google product could protect start-up websites from hacker DDoS attacks
Palo Alto reveals critical bugs and March 16th patch deadline
Researcher who found the flaws will reveal crim-friendly details in three weeks Palo Alto Networks has revealed four new nasties, one of which can allow remote code execution and DDOS attacks on its boxen, and given users until March 16th to patch them.…
Originally posted here:
Palo Alto reveals critical bugs and March 16th patch deadline