Net scum target florists on day of commercialised romance Net scum have bashed florists with distributed denial of service attacks over Valentine’s Day in a bid to extract ransoms, security analysts say.…
Continue Reading:
Roses are red, violets are blue, Valentine’s Day means DDoS for you
Security vendor Imperva says it has observed a sharp increase in automated bot traffic directed at florist sites. Cyber criminals have shown a consistent tendency to exploit major news and seasonal events to slip phishing and other malicious attacks past unwary victims. And so it is with this Valentine’s Day as well. Florists apparently have been receiving a lot of attention, of the unwanted variety, from online criminals, security vendor Imperva reported this week. All 34 of the company’s florist customers have experienced a sharp spike in traffic to their sites over the last few days. While some of the traffic is to be expected, considering the rush to order flowers for Valentine’s Day — a lot of it is not. According to Imperva, more than nine in 10 of the florist sites witnessed a sudden surge in bot traffic between February 5 and February 11. In about 23% of the cases, the spike in bot traffic was dramatic enough to cause problems. Contrary to what some might expect, the attack traffic did not appear to be opportunistic in nature. Rather, it looked as if the florists were being individually targeted in denial-of-service campaigns apparently designed to extort money from them. Sponsor video, mouseover for sound One of Imperva’s florist customers reported receiving a ransom note, while another experienced an application-layer denial of service attack, Imperva said. In the case of the latter victim, the company’s Content Distribution Network (CDN) provider interpreted the botnet traffic as regular user sessions, resulting in the site exceeding its contracted cache capacity. This in turn caused the CDN to route the attack traffic through its own origin servers, resulting in their site going down under DDoS traffic. A screenshot published on Imperva’s blog shows that some of the Web application attacks had originated in the United Kingdom, though one appeared to be from Latvia. Somewhat surprisingly, attackers were still going after old vulnerabilities such as Shellshock in an attempt to breach systems belonging to their targets, according to Imperva. Florists can mitigate the threat by monitoring their traffic for unexpected behavior, like heavier than normal traffic spikes, or visits from unfamiliar IP addresses. “Any unusual activity could be ‘dry runs’ by attackers foreshadowing an imminent full-blown attack,” Imperva said. The company also urged florists to monitor Twitter and sites such as Pastebin.com for chatter hinting at a potential attack on their sites. The sudden spike in malicious traffic directed at online florists reflects a common tendency among cyber crooks to escalate malware campaigns and attacks around seasonal events and major news happenings. Earlier this year, mobile network protection vendor Adaptive Mobile reported on a series of picture message spam campaigns on the Kik messenger service that were timed to coincide with seasonal events. The spam messages involved the use of images belonging to well-known brands to try and get recipients to follow links to malicious websites. What was noteworthy was the fact that each campaign was tied to a specific event. For instance, one of the Kik spam campaigns was launched around Halloween, and featured an image message purportedly from Amazon. Another campaign around Thanksgiving involved spam featuring spoofed McDonalds images, while one in the days preceding Cyber Monday featured BestBuy-related spam. While the campaign was not technically very sophisticated, the effort put into creating individual picture messages purporting to be from major brands, suggested a specialist campaign, Adaptive Mobile had noted. Source: http://www.darkreading.com/endpoint/valentines-day-inspires-ddos-attacks-against-online-florists-/d/d-id/1324312
Read the original:
Valentine’s Day Inspires DDoS Attacks Against Online Florists
As the threat of DDoS attack looms large on the enterprise, CDSL’s CIO, Joydeep Dutta, countered it ahead of time with his in-house DDoS protection. For the past few years, India Inc. and its IT teams have been in a constant state of war with malware, hackers, insidious employees and everything that is a threat to their information security. The only strategy applied—and it wasn’t an effective one—was to deal with the after effects of the attack. But one CIO believed in the age old adage: Prevention is better than cure, and secured the most critical applications of the company from DDOS attacks. “Today, not many companies have implemented in-house DDoS protection though it is the ideal way of preventing denial of service attacks. If done only at the network service provider through clean pipes, it doesn’t give full protection,” says Joydeep Dutta, group CTO, Central Depository Services Limited. According to a recent report released by Akamai, India stands in the fourth position for being the origin of non-spoofed DDoS attacks. Of all the attacks, 7.43 percent originated from the country. The project was therefore a high priority for Dutta as the company’s core depository application, electronic voting for company resolution and other critical applications were Web-based. Not wasting any more time, as the threat loomed large, Dutta implemented an in-house DDoS protection and Web Application Firewall for additional security above the capability of traditional network firewalls. “By implementing Web application firewall (WAF), the internet-facing applications which are part of the core applications for most organizations were additionally protected,” he says. Further explaining the project, Dutta says that the in-premises DDOS equipment is the first layer of defense in the on-premise infrastructure. All the other equipment such as ISP routers, firewalls etc; at customer premise, are underneath this. “A set of security modules including Denial-of-service (DoS) protection, Network Behavioral Analysis (NBA), Intrusion Prevention System (IPS), Reputation Engine and Web Application Firewall (WAF), fully safeguard networks, servers, and applications against known and emerging network security threats,” Dutta says. Another novel thing about the project was the built-in security event information management system which collects and analyzes events from all modules to provide enterprise-wide views. CDSL reaped huge benefits from the on-premise DDoS implementation. “It was easy to proactively monitor the security features of these devices to decide necessary actions to be taken,” he says. It was now easy to black-list the vulnerable IP list received regularly from NCIIPC. It was also possible to stop repeated attacks with the help of the device. Thus, Dutta set an example for his peers to follow by securing the organization against the looming security threats. You too get going. Source: http://www.cio.in/case-study/how-cdsl%E2%80%99s-cio-way-ahead-fight-against-ddos-attack
More:
How CDSL’s CIO is way ahead in the fight against DDoS attack
DDoS as an attack vector is on the rise: here’s how to stop it from stopping your business. Distributed Denial of Service (DDoS) attacks maybe as old as the hills but they continue to be a popular, and highly effective, attack vector for hackers. In the past couple of months alone we have seen a persistent DDoS attack on the UK academic computer network JANET, which was swiftly followed by one against cloud hosting company Linode, leading to service interruptions at DNS infrastructure and data centers across the U.S. and the U.K. Indeed, recent research released by Arbor Networks in its Annual Worldwide Infrastructure Security Report stated that DDoS attacks are on the rise, with half of the 354 global respondents’ data centers suffering DDoS attacks – a 33% increase from 2014. DDoS attacks have increased in frequency for some time – giving hackers a relatively uncomplicated method to bring a website down or disrupt a web service. Although DDoS attacks do not involve the stealing of data, they can be highly damaging in other ways, not least by affecting the trust and reputation that a company has among its customers. This can lead to financial damage through lost customers and lost business. Moreover, DDoS attacks can be used as a diversionary smokescreen for more aggressive attacks, as was the case with the recent TalkTalk breach. So what can organisations do to help protect themselves against the threat of DDoS and mitigate the effects of such attacks? The first step is being able to quickly detect that you are under attack, and having a procedure in place to deal with it. Illegitimate traffic can be hard to distinguish from legitimate traffic, but the typical signs of a DDoS attack are a sharp increase in traffic to your website followed by a slowing down of performance (there are services that can continuously monitor your website’s responsiveness from an external point of view, such as Dynatrace and SolarWinds.) Once a DDoS attack is underway, you have a number of options in terms of dealing with the bombardment: ISP blocking and scrubbing – It is advisable to deal with the attack in an environment that’s removed from your network, to prevent it from affecting other areas of network performance. If you suffer a DDoS attack contact your internet service provider, as many offer DDoS protection services such as blocking the originating IP addresses or ‘scrubbing’ malicious packets. They will also probably have greater bandwidth than you and are therefore likely to be able to deal with the attack more efficiently and effectively. Blackholing – A common response to a DDoS attack is to simply route all website traffic into a black hole, thus taking the website offline until the attack ceases. The problem with this approach is that it blocks all traffic, both good and bad, which basically means that the hacker has achieved their objective. Routers and firewalls – You can set up routers and firewalls policies to filter non-critical protocols, block invalid IP addresses and shut off access to specific high-risk segments of your network in the event of an attack. However, be aware that these techniques are somewhat ineffective against more sophisticated attacks that use spoofing or valid IP addresses. Content delivery network – Using a content delivery network to create replicas of your website for customers in different locations can help reduce the impact of the DDoS attack as well as make the extra DDoS related traffic easier to combat. Anti-DDoS technology – Many of the leading firewall appliance vendors offer specialised anti-DDoS modules, that can be deployed at the perimeter of your network or data center, which are designed to detect and filter malicious traffic. However, these are not automated and need to be constantly managed and updated by your operations team. While there is no single ‘silver bullet’ solution that can stop a DDoS attack in its tracks once the traffic starts hitting your website, you can lessen its impact on your business by using a combination of the methods I’ve outlined here. As DDoS continues to be used as a cyber-weapon against websites and online resources, organisations should ensure that they have a response plan in place that includes these mitigation techniques, to help deny attempted denial-of-service attacks. Source: http://www.information-age.com/technology/security/123460891/denying-deniers-how-effectively-tackle-ddos-attacks#sthash.HM41ehWS.dpuf
Continue Reading:
Denying the deniers: how to effectively tackle DDoS attacks
After last September's arrest of an alleged member of the gang that has been developing and spreading the Dridex banking malware, and last October's temporary disruption of the Dridex botnet at the ha…
View post:
Someone hijacked the Dridex botnet to deliver Avira AV's installer
Ah, great. Ave AV Part of the distribution channel of the Dridex banking Trojan botnet may have been hacked, with malicious links replaced by installers for Avira Antivirus.…
View original post here:
Mystery hacker pwns Dridex Trojan botnet… to serve antivirus installer
Ah, great. Ave AV Part of the distribution channel of the Dridex banking Trojan botnet may have been hacked, with malicious links replaced by installers for Avira Antivirus.…
Link:
Mystery hacker hijacks Dridex Trojan botnet… to serve antivirus installer
Last week HSBC’s online banking website was taken down by a DDoS attack, leaving thousands of customers unable to access its services. Here are some of the comments Help Net Security received. …
Original post:
Reactions to the HSBC DDoS attack
HSBC said today it was working with local police to find those who disrupted its online banking services with a denial of service attack, as customers complained of not being able to access their accounts. The attack was made even more painful for customers as the last Friday of the month is a traditional payday in the UK, the home of HSBC. Little information was provided by HSBC other than a terse statement over Twitter: “HSBC UK internet banking was attacked this morning. We successfully defended our systems. “We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience.” A spokesperson told the BBC a denial of service attack was the cause of the downtime. A subsequent tweet revealed the police had been contacted: “HSBC is working closely with law enforcement authorities to pursue the criminals responsible for today’s attack on our Internet banking.” HSBC was hit by a distributed denial of service (DDoS), where infected machines fire an overwhelming number of data packets at a server to stop it working, most recently in 2012. That time the Anonymous hacktivist crew was believed to have carried out the hit. DDoS attacks in general have been causing havoc in recent months, as criminals have tried to extort targets, threatening to knock businesses offline unless a ransom was paid. Encrypted email provider ProtonMail was criticised for paying a ransom of $6,000 in Bitcoin at the end of 2015 to a DDoS extortionist crew called the Armada Collective. That group targeted other secure email providers Hushmail, Runbox and VFEMail. Anti-DDoS provider Arbor Networks reported earlier this month that the record for DDoS power hit a new peak in 2015, hitting 500Gbps. Numerous organizations had reported attacks in the 400Gbps-500Gbps range throughout 2015, Arbor noted. With so much power, and such easy money to be made with extortion attacks, no business appears immune from DDoS downtime. Professor Alan Woodward, a security expert from the University of Surrey, said an attack capable of taking down an entity like HSBC would need to be big. “In addition we’re seeing the emergence of techniques that mean that these attacks are circumventing some of the systems put in place to mitigate agains these attacks,” Woodward said. He also warned DDoS has been used as a “smokescreen” for other malicious activity in the past. “They want to tie up the technical departments, of which there is obviously a finite number, so that they might miss some unusual activity that would give away the fact that the hackers are breaches the corporate boundary.” Source: http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/2/#4eea0f825126 http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/#109a8cc451c2
Taken from:
HSBC Calls In Cops To Chase DDoS Attackers Who Took Online Banking Down
Oh no – not again! Updated HSBC customers were once again locked out of online banking this morning, following an apparent DDoS attack on the bank.…
Visit link:
HSBC online services still offline following ‘attack’ on bank