Author Archives: Enurrendy

Day 2: UK research network Janet still being slapped by DDoS attack

DNS services appear to be targeted, switching may work

Members of UK’s academic community from freshers to senior academics are facing more connection issues today as a persistent and continuous DDoS attack against the academic computer network Janet continues to stretch resources.…


UK research network Janet under ongoing and persistent DDoS attack

Attackers seem to be adjusting methods in response to Tweets

Publicly-funded academic computer network Janet has come under a persistent DDoS attack today, which hobbled multiple internet connections, including the Manchester to Manchester Core Router.…


White hats, FBI and cops team up for Dorkbot botnet takedown

Your four-year reign of terror is (temporarily) over

Operations of the Dorkbot botnet have been disrupted following an operation that brought together law enforcement agencies led by the FBI, Interpol and Europol, and various infosec firms.…


Ponmocup is the ‘15 million’ machine botnet you’ve never heard of

Skilled VXers have built 25 plugins, made 4000 variants, say crack security team

Botconf: One of the world’s most successful, oldest, and largest botnets is an underestimated and largely-unknown threat that has over time infected 15 million machines and made millions plundering bank accounts.…


Warnings over Node.js flaw that could lead to DoS attacks

The Node.js Foundation has revealed a couple of bugs within its JavaScript software that could lead to major denial of service attacks against websites using the code. The issues affect versions of Node.js from version 0.12 up to version 5.

A bulletin issued by the Foundation says the popular server-side JavaScript platform has two vulnerabilities. One covers “a high-impact denial-of-service vulnerability” while the other is a “low-impact V8 out-of-bounds access vulnerability.” V8 is the JavaScript engine developed by Google and used by Node.js. The DoS issue is labelled as CVE-2015-8027, while the access problem is identified as CVE-2015-6764.

According to the bulletin, the first bug could allow a hacker to launch a denial of service. The second bug could enable a hacker to trigger an out-of-bounds access and/or denial of service if user-supplied JavaScript can be executed by an application.

The issues were disclosed last week with patches due to be released yesterday. However, the Foundation announced that it will now delay releasing the patches until Friday. It said this was because of dependencies on OpenSSL, which itself has been found to contain further vulnerabilities.

“Node.js versions v0.10.x and v0.12.x depend on OpenSSL v1.0.1 and versions v4.x (LTS Argon) and v5.x depend on OpenSSL v1.0.2,” stated an advisory on the Node.js website. “As the Node.js build process statically links OpenSSL into binaries, we will be required to release patch-level updates to all of our actively supported versions to include the upstream fixes. While we are unaware of the exact nature of the OpenSSL vulnerabilities being fixed, we must consider it likely that Node.js releases will be required in order to protect users.”

It said the move to Friday was “unfortunate” but that it has to take into account “the possibility of introducing a vulnerability gap between disclosure of OpenSSL vulnerabilities and patched releases by Node.js and therefore must respond as quickly as practical.”

“Please be aware that patching and testing of OpenSSL updates is a non-trivial exercise and there will be significant delay after the OpenSSL releases before we can be confident that Node.js builds are stable and suitable for release,” the organisation said.

Wim Remes, strategic services manager EMEA at Rapid7, said vulnerabilities in Node.js “impacts organisations across verticals, from ecommerce websites, over healthcare organisations, to critical infrastructure.”

“Hackers will leverage any vulnerability that allows them to gain control over a target. Denial of Service vulnerabilities are mostly used for targeted hacktivism or extortion purposes. The out-of-bounds access vulnerability, as it provides direct access to an infrastructure, would be a welcome tool in the arsenal of any digital criminal,” he said. “With access to part of the infrastructure, an attacker can pivot further through the infrastructure, destroy information, exfiltrate information, install spying software, etc. A vulnerability that provides direct access is the first tool an attacker needs to achieve their goals.”

Remes added that in this case patching is about the only thing an organisation can do. “There are obviously ways to stop attacks using Web Application Firewalls or Intrusion Prevention Systems but given the severity of the issues, I would definitely recommend to prioritise patching. Additionally, making sure that any system which doesn’t need to be on the internet is not reachable by external users is something that makes sense too,” said Remes.

Source: http://www.scmagazineuk.com/warnings-over-nodejs-flaw-that-could-lead-to-dos-attacks/article/457205/


Greek Banks Hit by DDoS Attacks, Hackers Ask for Bitcoin Ransoms to Stop

Armada Collective, the hackers that launched DDoS attacks on ProtonMail, are back and are targeting several Greek banks, using the same DDoS-for-Bitcoin extortion scheme. Unlike the ProtonMail debacle, when the secure email provider agreed to pay the hackers’ ransom, this time around, bankers contacted local law enforcement, as Greek newspaper Kathimerini is reporting.

The attacks started on Thursday, November 26, and continued through this week. Three unnamed Greek banks were targeted, and Armada Collective hackers asked for 20,000 Bitcoin ($7,210,000 / €6,790,000) from each of them. Yanni Koutsomitis, Eurozone analyst and managing director at Imperial Media, said that, on Monday, Greek authorities brought in FBI specialists to help investigate and counter the cyber-attack.

During the DDoS on ProtonMail, after the initial attacks that convinced ProtonMail management to pay the ransom, subsequent DDoS attacks grew in intensity. Armada Collective denied responsibility for the subsequent attacks, which were many times stronger than the early ones. Many believed the hackers’ explanation and suspected that a state-sponsored actor quietly got on the line and was taking revenge on the secure email provider labeled as “NSA-proof.”

The attacks on the Greek banks now confirm that Armada Collective is a serious threat and has the power to cripple an entire nation’s financial institutions. Previous Armada Collective targets include Hushmail, Runbox, and a few Internet Service Providers from Switzerland. None of them paid the ransom.

Source: http://news.softpedia.com/news/greek-banks-hit-by-ddos-attacks-hackers-ask-for-bitcoin-ransoms-to-stop-496966.shtml


Tux Machines Again Faces DDoS Attacks

The popular website Tux Machines has evidently fallen victim to a DDoS attack that made the site unavailable for part of the day on Friday. The announcement of the attack was initially made in a blog notice posted on the site late Friday morning GMT which opened with the line “Tux Machines has been mostly offline this morning.”

According to the blog post, the attack was at first thought to have been initiated by the Chinese web services company Baidu, but a later update indicated that turned out not to be the case. “…Baidu was [not] at fault but botmasters who used ‘Baidu’ to masquerade themselves, hiding among some real and legitimate requests from Baidu (with Baidu-owned IP addresses).”

At this time, it’s not known who’s behind the attack. Roy Schestowitz, who with his wife Rianne publishes both Tux Machines and the politically oriented FOSS blog site Techrights, told FOSS Force, “We’ve suspected EPO seeking revenge, which makes sense for Techrights, not Tux Machines.” EPO refers to the European Patent Office, which recently threatened Schestowitz with civil action over an article which claimed the EPO purposefully gives priority to patent applications from large corporations.

This isn’t the first time the outspoken Schestowitz’s sites have come under DDoS attacks. In September and October of 2014, both sites came under a crippling attack that lasted for several weeks and which left both sites unreachable for long stretches of time. Indications are that this current attack isn’t nearly as damaging, although Schestowitz said that he and his wife had been working to keep Tux Machines functional throughout the weekend.

Many websites use the services of a content delivery network (CDN), in part as protection against all but the most robust DDoS attacks. Schestowitz told us that no CDN is used by either of his sites. “I wrote a lot about this before,” he said. “Performance, Tor, privacy issues, JavaScript and so on. So no, CDNs are out of the question.”

We sent Tux Machines an email this morning to determine the current status but have not received a reply. However, at the time of publication the site was responsive, as was Techrights.

Source: http://fossforce.com/2015/11/tux-machines-again-face-ddos-attacks/


Netherlands public broadcaster hit in worst-ever DDoS attack

The Netherlands public broadcaster NPO was hit by the largest DDoS attack ever, leaving the NOS site and app unreachable for some time on Sunday night. Other national and regional broadcasters’ sites were still online, but difficult to reach. During a DDoS attack a computer system is bombarded with an extreme number of visits.

“We are used to large groups of users with big news, but this number surpassed everything. And all at the same time”, NPO said, according to NOS. The public broadcaster is considering which measures to implement, on top of the measures already in place, to prevent similar disturbances in future. The perpetrators behind the attack have not yet been identified.

Source: http://www.nltimes.nl/2015/11/30/netherlands-public-broadcaster-hit-in-worst-ever-ddos-attack/


It’s Black Friday: Do you know who is DDoSing your servers? And how to stop them

Today is Black Friday in the U.S., a retail holiday where numerous, extravagant deals are revealed to a ravenous public. In the brick and mortar universe, this can become a free-for-all when shoppers will camp out for days in front of a store just to get in on the first deals. In the cyber universe the same greatly increased traffic can be seen, and this also makes it hunting season for hackers and extortionists attempting to get a cut.

On the Internet, the easiest and lowest form of disruption is the distributed denial of service (DDoS) attack, and we’ve seen it employed throughout the year for various reasons to take down websites. To get a better understanding of what e-retailers can expect now on Black Friday and the upcoming Cyber Monday, SiliconANGLE reached out to Nexusguard (Nexusguard Limited), DDoS protection experts, and spoke with their Chief Scientist Terrence Gareau.

“Risk from cyberattack is a trend repeating every year,” says Gareau. “No doubt retailers all experience an uptick in attacks [during Black Friday]. Attackers are definitely taking advantage of the uptick and e-tailers need to put in more resources to boost their websites’ security.”

This year DDoS attacks hit record highs, according to the State of the Internet report from Akamai for Q2 2015. The number of attacks grew by 132 percent compared to the same time in 2014 and 12 attacks occurred that exceeded 1,000 gigabits per second (Gbps). Nexusguard’s own overwatch on DDoS showed that during 2015 Q3 attack numbers rose by 53 percent over Q2, higher than any quarter over the past two years.

E-commerce at more risk than ever from DDoS attacks

Most DDoS attacks that make it to the news are being done by Internet mayhem groups looking for fame and attention. The most recent example is the attack committed by Lizard Squad on Christmas Day, December 26, 2014 against the Xbox LIVE and PlayStation networks that knocked the gaming services offline for millions of customers.

However, Gareau says that not all DDoS attacks come from people seeking attention—some are seeded with greed and extortion. This is especially true of the lesser-known attacks that services and e-retailers suffer around this time of year. When asked if competitors might use DDoS to knock out or weaken sales from other e-retailers, Nexusguard’s chief scientist would only say that it does appear that competitors do attack each other this time of year.

That said, more danger appears to be coming from extortion rackets this time of year than from greedy competitors. The usual strategy is to hit an outlet with a DDoS attack (a short one) and then send an e-mail requesting some sort of ransom payment or the attack comes back. A few more blasts might come along to get the target’s attention.

“Hackers are aware that the holidays are a prime time for online retailers. Therefore, they would do anything to break through any defenses,” says Gareau.

This time of year criminals know that stores and e-retailers are looking to make as much money as possible off traffic. As well, increased traffic makes servers even more vulnerable to DDoS because it means they’re already working at capacity. Attackers see this as low-hanging fruit because first it’s easier and second an e-retailer will lose a great deal of money for even ten minutes of time offline during the sales rush.

“One of the most sophisticated attacks focused on the login prompt,” Gareau adds, when asked for an example of how hackers attempt to knock sites offline. “In fact, on Thanksgiving and Christmas last year, we saw a hacker craft specific requests to the login form, preventing visitors from logging on.”

Cold advice about DDoS extortion: “…don’t f**ing pay ’em.”

“We expect to see an increase in fraud and extortion, directly linked to DDoS as seen over the last few years,” Gareau says. When it comes to handling the potential of (or ongoing) DDoS attacks, Gareau suggests getting a proper team on board (he works for such a team at Nexusguard, after all), but he also has an opinion on extortion, and it’s a very simple one: “…And don’t f**ing pay ’em,” he adds.

This year has a perfect example of why paying DDoS extortion is a losing bet. In early November Switzerland-based ProtonMail, a provider of end-to-end encrypted e-mail, was struck by a powerful DDoS attack and the attackers demanded a ransom of $6,000 to relent. (The amount requested was 15 bitcoins, which at the time came out to approximately $5,850.) ProtonMail paid the ransom but then paid the price: the ProtonMail website and service were washed away by a DDoS attack anyway.

Paying extortion to make a DDoS attacker go away does not necessarily make them go away. Just like any other criminal enterprise, knowing that a payment will come is a good way to make sure they will come back. Worse, it will fund the criminals to build out or increase their total power, which means they can go after other targets more frequently.

In many cases that ransom requested by the criminals behind the DDoS could be paid to an anti-DDoS outfit and used to lessen the impact of the attack. The result is that the criminals get nothing but time wasted firing off their attack tools.

Source: http://siliconangle.com/blog/2015/11/27/its-black-friday-do-you-know-who-is-ddosing-your-servers-and-how-to-stop-them/


Finance, telco and IT sectors were top targets for DDoS attacks in 2015

A new study conducted by Kaspersky Lab and B2B International has revealed that around one in four IT, telecommunication, and financial services companies have experienced a distributed denial of service (DDoS) attack over the last year. Almost half of the financial businesses understand that they are a prime target for these attacks while IT and telecommunication companies do not believe they are as at risk. This is dangerous because it could leave them more vulnerable to potential attacks.

DDoS attacks have grown in popularity amongst cyber criminals and have been used to extort money, disrupt a site’s operation, and serve as a distraction whilst another cyber attack is occurring. 75 per cent of businesses that were victims of DDoS attacks said that the timing of attacks corresponded with other security incidents.

Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab said: “As the recent DDoS attacks on telecoms companies and banks reveal, businesses in these sectors represent prime targets for DDoS attackers. In some cases, DDoS attacks are a smokescreen for the cyber-theft or result in exorbitant ransom demands. That is why vulnerable sectors need to be extra-vigilant about security and be ready to deal with DDoS attacks. They need to build their understanding of the threat and choose the best protection against it. The days of DDoS attacks being an operational frustration that just resulted in some downtime are long over.”

However, the study showed that many companies are unaware of the threat of DDoS attacks and are unclear about how to stop them or contain them. Only 52 per cent of the companies surveyed felt that they had the necessary information regarding the intricacies of these attacks. This could be troublesome as DDoS attacks have become a popular tool among cyber criminals because they are difficult to trace and easy to implement.

Kaspersky Lab does offer DDoS protection to its customers and is able to reroute traffic, allowing junk requests to be filtered out while legitimate traffic is forwarded to the site. This allows users to continue using the site or service safely even while an attack is taking place.

Source: http://www.itproportal.com/2015/11/26/finance-telco-it-sectors-top-targets-for-ddos-attacks-2015/
