Author Archives: Enurrendy

Silk Road 2.0 Hit by ‘Sophisticated’ DDoS Attack

Online black market Silk Road 2.0 experienced a distributed denial-of-service (DDoS) attack last week, which forced the site’s administrators to temporarily suspend services. News of the attack broke on bitcoin forums hours after it started, with the Silk Road team soon confirming the news via its own forums. For reasons that are less clear, black market Agora has faced outage issues problems of its own in the last few days. Silk Road remains defiant Silk Road 2.0 moderator ‘Defcon’ issued a statement saying that the site was facing a “very sophisticated” DDoS attack using the most advanced methods the site has experienced to date. The moderator said: “The dev team is working around the clock to get marketplace service restored, as well as watch the security of our systems closely. Much of the downtime you have seen is intentional on our part: if this is an attempt to locate our servers through packet analysis, we do not want to make it easy for our adversary and would rather be offline while we adapt our defences.” As the attack continued, Silk Road 2.0 remained offline. Defcon eventually issued a second update, indicating that the team is trying out different approaches to blocking the inbound DDoS. He stressed that the site is still processing withdrawals, although these have been delayed by the attacks. Silk Road 2.0 is aware that cashflow is very important and the site is therefore prioritising delayed withdrawals, the moderator added. Defcon ended the update on a defiant note: “To our adversaries: you cannot stop us. We will overcome every attack.” Questions persist Silk Road 2.0 vendors started reporting problems earlier last week, before the site was finally forced to shut down. Despite official updates, the outage prompted a number vendors to raise questions about the impact of the attack. Silk Road 2.0 was targeted by hackers in the past: last February, the site lost 4,476 BTC to an alleged hack, worth over $2.6m at the time. The attack was blamed on a transaction malleability exploit used by one of the vendors. The site decided to compensate affected customers and, by late May, it said more than 80% of bitcoins stolen in the alleged heist have been repaid to the victims. The source and goal of the latest attack remains unclear. Speculation is mounting that the attack was in fact launched by law enforcement in an attempt to ascertain the location of Silk Road 2.0 servers, while other users believe the attack was launched by criminals or competitors. Following the February hack, Silk Road 2.0 said it would introduce a multi-signature wallet system to replace its previous escrow platform. A multisig system should be less vulnerable to hackers, but has not been fully implemented yet. Online black market Agora faces outage Silk Road 2.0 is not the only black market suffering outage issues. While Silk Road 2.0 was struggling to restore services, which it eventually did late on Friday, competing market Agora went offline. Agora users started reporting intermittent problems on Saturday. The site was out of action over  much of the weekend and had still not become available by press time  (12:15 BST, Monday). The reason for the outage remains unclear. Earlier this month, Agora confirmed that it was suffering from availability issues on a regular basis. However, the team offered an extensive explanation into the inner workings of the market and the need for security, saying it considers that more important than around-the-clock availability. The Agora team said at the time: “Our primary goal is to stay hidden from law enforcement agencies and secure from hackers. We implement much more security measures than many others, which causes problems with availability.”   Source: http://www.coindesk.com/silk-road-2-0-shrugs-sophisticated-ddos-attack/

Read the article:
Silk Road 2.0 Hit by ‘Sophisticated’ DDoS Attack

How Boston Children’s Hospital Hit Back at Anonymous

Hackers purportedly representing Anonymous hit Boston Children’s Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe. On March 20, Dr. Daniel J. Nigrin, senior vice president for information services and CIO at Boston Children’s Hospital, got word that his organization faced an imminent threat from Anonymous in response to the hospital’s diagnosis and treatment of a 15-year-old girl removed from her parent’s care by the Commonwealth of Massachusetts. The hospital’s incident response team quickly convened. It prepared for the worst: “Going dark” – or going completely offline for as long as the threat remained. Luckily, it never came to that. Attacks did occur, commencing in early April and culminating on Easter weekend – also the weekend of Patriot’s Day, a Massachusetts holiday and the approximate one-year anniversary of the Boston Marathon bombings – but slowed to a trickle after, of all things, after a front-page story about the incident ran in The Boston Globe . No patient data was compromised over the course of the attacks, Nigrin says, thanks in large part to the vigilance of Boston Children’s (and, when necessary, third-party security firms). The organization did learn a few key lessons from the incident, and Nigrin shared them at the recent HIMSS Media Privacy and Security Forum. As Anonymous Hit, Boston Children’s Hit Back As noted, the hospital incident response team – not just the IT department’s – planned for the worst. Despite that fact that the information Anonymous claimed to have, such as staff phone numbers and home addresses, is the stuff of “script kiddies,” Nigrin says Children’s took the threat seriously. Attacks commenced about three weeks after the initial March 20 warning. Initially, the hospital could handle the Distributed Denial of Service (DDoS) attacks on its own. Anonymous changed tactics. Children’s responded. The hackers punched. The hospital counterpunched. As the weekend neared, though, DDoS traffic hit 27 Gbps – 40 times Children’s typical traffic – and the hospital had to turn to a third-party for help. The attacks hit Children’s external websites and networks. (Hackers also pledged to hit anyone linked to Children’s – including the energy provider NStar, which played no role in the child custody case at all but sponsors Children’s annual walkathon.) In response, Nigrin took down all websites and shut down email, telling staff in person that email had been compromised. Staff communicated using a secure text messaging application the hospital had recently deployed. Internal systems were OK, he says, so Children’s electronic health record (EHR) system, and therefore its capability to access patient data, wasn’t impacted. In contrast to this internal transparency, Children’s, at the urging of federal investigators, didn’t communicate anything externally. Nonetheless, word got to The Boston Globe , which ran its front-page story on April 23. Nigrin, again, prepared for the worst. He didn’t have to. After the article came out, the Twitter account @YourAnonNews took notice, urging hackers to stop targeting a children’s hospital. Attacks continued, but at a much smaller clip. 6 Quick Tips for Beating Back Hackers In reflecting on the Anonymous attack, Nigrin offers the following security lessons that Boston Children’s learned. DDoS countermeasures are crucial. “We’re not above these kinds of attacks,” Nigrin says. Know which systems depend on external Internet access. As noted, the EHR system was spared, but the e-prescribing system wasn’t. Get an alternative to email. In addition to secure testing, Children’s used Voice over IP communications. In the heat of the moment, make no excuses when pushing security initiatives. Children’s had to shut down email, e-prescribing and external-facing websites quickly. “Don’t wait until it’s a fire drill,” Nigrin says. Secure your teleconferences. Send your conference passcode securely, not in the body of your calendar invite. Otherwise, the call can be recorded and posted on the Internet before you even hang up, he says. Separate signals from noise. Amid the Anonymous attack, several staff members reported strange phone calls from a number listed as 000-000-0000. At the time, it was hard to tell if this was related, and it made the whole incident that much harder to manage. Above all, Nigrin says healthcare organizations need to pay attention to the growing number of security threats the industry faces. “There are far more than we have seen in the past,” he says. Source: http://www.cio.com/article/2682872/healthcare/how-boston-childrens-hospital-hit-back-at-anonymous.html

Read the original:
How Boston Children’s Hospital Hit Back at Anonymous

5 most targeted industries for DDoS attacks

1. Gaming Gaming is the most-targeted industry, according to the report, accounting for more than 45% of total attacks. The industry, which includes any company related to online gaming or gaming-related content, is prone to attacks by motivated players seeking to gain a competitive advantage or by malicious actors seeking to steal personal data from players. The industry received a large percentage of infrastructure layer attacks and a fair percentage of application-layer attacks in Q2, including 46% of all NYN floods and 68% of GET floods. 2. Software and technology The software and technology industry, which includes companies that provide solutions such as SaaS and cloud-based technologies, was hit with the second-greatest number of attacks (22%), and was the most-frequently targeted with infrastructure-layer attacks. The report reveals that the most popular attack vectors against the software and technology industry were DNS and NTP reflection and amplification attacks, accounting for 33% and 26% respectively. SYN floods made up approximately 22% of attacks, and UDP floods accounted for 27%. 3. Media and entertainment The report reveals that the media and entertainment industry accounted for a smaller percentage of all attacks, at 15% in Q2. This marks a 39% decrease from last quarter. Despite this shift, the media and entertainment industry remains one of the most targeted industries for hackers. These attacks often offer higher visibility for malicious actors, with press coverage that helps campaign organizers reach out to supporters and recruit new participants. The media and entertainment industry was hit by mostly infrastructure attacks, including SYN floods (18%), UDP floods (25%) and UDP fragments (22%). 4. Financial services Major financial institutions, such as banks and trading platforms, were targeted in 10% of all attacks in Q2, according to the Prolexic report. Historically, financial institutions have been the target of many DDoS attacks, including those orchestrated by the group Izz ad-Din al Qassam Cyber Fighters (QCF), using the Brobot botnet. The report discloses that recent activity indicates a possible resurgence of the use of the Brobot botnet, but the financial sector did not experience many major attack campaigns this quarter. 5. Internet and telecom Including companies that offer internet-related services such as ISPs and CNDs, the internet and telecom industry was the fifth most-targeted industry in Q2, accounting for 4% of all attacks. Infrastructure-layer attack vectors were the most common, with 10% of all attacks as UPD floods, and 9% as UPD fragments. Internet and telecom was the target of 12% of all NTP flood attacks this quarter. Source: http://www.propertycasualty360.com/2014/09/12/5-most-targeted-industries-for-ddos-attacks?t=tech-management&page=6

Continue Reading:
5 most targeted industries for DDoS attacks

Attackers Compromise Vulnerable Web Servers to Power DDoS Assaults

Attackers are exploiting flaws in Linux and Windows software to turn poorly-maintained Web servers into denial-of-service engines. Web servers based on both Linux and Windows are rapidly being targeted by attackers and turned into server-side botnets capable of high-bandwidth denial-of-service attacks, two security firms stated in recently published analyses. On one hand, attackers are targeting unpatched or poorly-maintained Linux systems, exploiting known vulnerabilities and installing bot software to conscript the computers into a server-side botnet, according to an advisory released on Sept. 4 by Prolexic, a subsidiary of content-delivery provider Akamai. Yet, Windows servers are not immune. A recent attack against a client of Website security firm Sucuri used 2,000 servers to send a flood of packets to the victim’s network. Web servers running on Windows 7 and 8 accounted for almost two-thirds of those systems, the company stated in an advisory. In the past, Sucuri had usually seen traffic from botnets created by consumer desktop and laptop systems, CEO and co-founder Tony Perez told eWEEK. “This was different because of the anatomy of the network,” he said. “Normally, we see attacks coming from notebooks and desktops and PCs, but now Web servers are doing the denial-of-service.” By using Web servers, “the attackers have more horse power available to them, allowing them to have more devastating effect on unsuspecting web sites,” Perez said. Server-side botnets used for denial-of-service attacks first came to light in 2012, when the Izz ad-Din al-Qassam Cyber Fighters targeted financial institutions with massive bandwidth and application-layer attacks in alleged retaliation for the posting of videos to YouTube that were offensive to some Muslims. Rather than using botnets consisting of tens of thousands of consumer desktop systems, the attackers used hundreds to thousands of Web servers instead. While some attackers use vulnerabilities to compromise servers, others have significant success just by trying common passwords. The 2,000 servers that attacked Sucuri’s client sent some 5,000 HTTP requests per second, enough to not just overwhelm the victim’s Web server but the victim’s hosting provider as well. The hosting provider, which Perez declined to name, cut off the company for violating its terms of service, according to Perez. The campaign to create Linux-based DDoS botnets is more extensive, according to Prolexic. The attackers behind the denial-of-service botnet use vulnerabilities in popular Linux software, such as Apache Tomcat, Struts and Elasticsearch, the company said. Once a server is compromised, the attackers upload malware, which creates a copy of itself named .IptabLes or .IptabLex. IPTables is a common firewall and routing package included in most versions of the Linux operating system. “The analysis conducted within the lab environment showed that the binary exhibits DDoS functionality,” Prolexic stated in its alert. “Two functions found inside the binary indicate SYN and DNS flood attack payloads. These DDoS attack payloads are initiated once an attacker sends the command to an infected victim machine.” The botnet created by the campaign has been used to target financial institutions, and in one case, created a DDoS that peaked at 119 Gbps. “This bot seems to be in an early development stage and shows several signs of instability. More refined and stable versions could emerge in future attack campaigns.” The attacks appear to come from Internet addresses in Asia, and two hard-coded addresses contained in the malware binary are in China, according to Prolexic. Source: http://www.eweek.com/security/attackers-compromise-vulnerable-web-servers-to-power-ddos-assaults.html

Taken from:
Attackers Compromise Vulnerable Web Servers to Power DDoS Assaults

Webmin hole allows attackers to wipe servers clean

No RCE, but lots of Unix DDoS fun Holes in the Webmin Unix management tool – thankfully since patched – could allow attackers to delete data on servers, says security researcher John Gordon of the University of Texas.…

Visit site:
Webmin hole allows attackers to wipe servers clean

Use home networking kit? DDoS bot is BACK… and it has EVOLVED

OMG, it reconfigures your firewall… SAVE yourselves, Linux lords A router-to-router bot first detected two years ago has evolved – and now has the capability to reconfigure the firewalls of its victims.…

Excerpt from:
Use home networking kit? DDoS bot is BACK… and it has EVOLVED

WEBINAR – The Ultimate DDoS Info Session

DOSarrest and HOSTING partner together to help you understand the details of DDoS attacks – how they are executed, what they typically targets and how to quickly and efficiently recovered when you fall victor. It will be an interactive and informative session as all attendees will have a chance to participate in and defend against a DDoS attack in Real-Time and see its effects on a live website. Click here to register today!

Taken from:
WEBINAR – The Ultimate DDoS Info Session

DDoS reflection/amplification attacks disrupting ISP networks

Attacks being used by gamers to settle disputes and by people with rudimentary hacking skills to target companies Reflection/amplification distributed denial of service (DDoS) attacks have now become so large that entire ISP networks are getting disrupted, says a networking security expert. Arbor Networks senior security engineering & response team (ASERT) analyst Roland Dobbins told Computerworld Australia that DDoS attacks are being used by gamers to settle disputes and by people with rudimentary hacking skills to target companies. “The main characteristic of these attacks is that they are huge. The biggest one we have seen so far was 400Gb/s. Because these attacks are so large, they fill up the pipes of Internet service providers [ISPs], the peering and transit links,” he said. According to Dobbins, the attacks are possible because many ISPs and enterprise networks have not implemented universal anti spoofing measures. “The way these [DDoS] attacks work is that the attacker will try to get control of a computer on a network that does not enforce IP source validation. [The attacker] spoofs the IP address of his target and sends a bunch of queries to a misconfigured server.” The misconfigured server answers these queries and “pummels” the target of the attack with unsolicited responses, he said. “It’s as if I called up 20 pizza parlours in Sydney, pretended to be someone else and ordered a lot of large pizzas to be delivered to that person.” The largest reflection/amplification DDoS attack recorded in Australia by Arbor Networks staff was 62Gb/s, he said. The attack, which took place in early 2014, appeared to be triggered by an online gaming dispute. “Since October 2013, there has been an explosion in these attacks that online gamers use. One player gets a grudge against another and decides to be unsportsman like and resort to a DDoS attack. It’s like using a nuclear weapon to solve a playground dispute,” he said. Dobbins had three tips for ISPs to avoid reflection/amplification DDoS attacks. The first was that ISPs should enforce anti-spoofing or source address validation at the edges of their network. “The second thing they [ISPs] can do is make sure they utilise flow telemetry analysis from routers and switches. This provides real time visibility into network traffic. When these attack floods traverse their network, they can detect it and trace it back [to the source] immediately,” he said. “The third thing they need to do is implement reaction and mitigation mechanisms. One of these is called an intelligent DDoS mitigation system [IDMS].” “If they have these reaction and mitigation tools to deal with this attack traffic, they will be in a much better position to deal with these events and minimise disruption,” said Dobbins. Source: http://www.computerworld.com.au/article/554558/ddos-reflection-amplification-attacks-disrupting-isp-networks-analyst/

Read the original post:
DDoS reflection/amplification attacks disrupting ISP networks