Category Archives: DDoS Criminals

$50m deal to keep government websites going in a cyber attack

Six firms have won a multimillion-dollar bulk tender as Singapore further tightens its defence against sophisticated attacks that aim to disable government websites. The Straits Times understands that the three-year bulk contract, which started yesterday, is worth about $50 million – around twice the value of the last three-year contract, which has lapsed.

The deal comes on the heels of StarHub’s broadband outage last year linked to a cyber attack in the United States, and the theft of the personal details of 850 national servicemen and staff at the Ministry of Defence (Mindef), discovered in February.

The six contractors awarded the contract by GovTech are local telcos Singtel and StarHub, Britain-based telco BT, and Singapore-based tech firms CHJ Technologies, Evvo Labs and Embrio Enterprises. The six firms are expected to keep government websites fully available to the public even when attacks are taking place. This is done by providing distributed denial of service (DDoS) mitigation services, which will now take into account the threats that took down United States Internet firm Dyn’s services in October last year. Dyn’s service outage, which took down websites such as The New York Times and Spotify, in turn disrupted Web surfing for StarHub’s broadband customers.

DDoS attacks work by having thousands of infected computers access and overwhelm a targeted site, causing a huge spike in traffic. DDoS mitigation is a set of techniques that differentiates genuine incoming traffic from that sent by hijacked, infected browsers, so that service to genuine users is not denied.

According to tender documents seen by ST, the contractors are also expected to provide new capabilities to combat attacks stemming from software flaws on Internet-facing machines. In early February, Mindef discovered that a vulnerability in its I-net system had been exploited, resulting in the loss of NRIC numbers, telephone numbers and birth dates of 850 personnel. The I-net system provides Mindef staff and national servicemen with Internet access on thousands of dedicated terminals.

Cloud security services firm Akamai Technologies’ regional director of product management Amol Mathur said that the new DDoS mitigation capabilities are necessary in an evolving threat landscape where large-scale attacks are being powered by compromised Internet devices such as Web cameras and routers.

Dr Chong Yoke Sin, chief of StarHub’s enterprise business group, said it will provide the Singapore Government with its telco-centric security operations as well as the cloud-based mitigation services of its technology partner Nexusguard.

Mr Jason Kong, co-founder of Toffs Technologies, the supplier of content delivery back-up services for Embrio Enterprises, said: “Organisations should have a content delivery back-up plan to ensure business is as usual should the main delivery platform suffer an outage.”

Last week, the Nanyang Technological University solicited a separate DDoS contract with more stringent requirements to combat attacks stemming from software flaws on Internet-facing machines. The university discovered in April this year that it was the victim of an apparent state-sponsored attack aimed at stealing government and research data. The National University of Singapore was similarly attacked at around the same time. Last year, an unnamed government agency also became the victim of a state-sponsored attack, the Cyber Security Agency of Singapore said in a report released last Thursday.

Source: http://www.straitstimes.com/tech/50m-deal-to-keep-govt-websites-going-in-a-cyber-attack


DDoS protection, mitigation and defense: 7 essential tips

Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back.

DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. With that in mind we’ve assembled some essential advice for protecting against DDoS attacks.

1. Have your DDoS mitigation plan ready

Organizations must try to anticipate the applications and network services adversaries will target and draft an emergency response plan to mitigate those attacks.

“Enterprises are paying more attention to these attacks and planning how they’ll respond. And they’re getting better at assembling their own internal attack information as well as the information their vendors are providing them to help fight these attacks,” says Tsantes.

IBM’s Price agrees. “Organizations are getting better at response. They’re integrating their internal applications and networking teams, and they know when the attack response needs to be escalated so that they aren’t caught off guard. So as attackers are becoming much more sophisticated, so are the financial institutions,” she says.

“A disaster recovery plan and tested procedures should also be in place in the event a business-impacting DDoS attack does occur, including good public messaging. Diversity of infrastructure both in type and geography can also help mitigate against DDoS as well as appropriate hybridization with public and private cloud,” says Day.

“Any large enterprise should start with network level protection with multiple WAN entry points and agreements with the large traffic scrubbing providers (such as Akamai or F5) to mitigate and re-route attacks before they get to your edge. No physical DDoS devices can keep up with WAN speed attacks, so they must be first scrubbed in the cloud. Make sure that your operations staff has procedures in place to easily re-route traffic for scrubbing and also fail over network devices that get saturated,” says Scott Carlson, technical fellow at BeyondTrust.

2. Make real-time adjustments

While it’s always been true that enterprises need to be able to adjust in real time to DDoS attacks, it became increasingly so when a wave of attacks struck many in the financial services and banking industry in 2012 and 2013, including the likes of Bank of America, Capital One, Chase, Citibank, PNC Bank and Wells Fargo. These attacks were both relentless and sophisticated.

“Not only were these attacks multi-vector, but the tactics changed in real time,” says Gary Sockrider, solutions architect for the Americas at Arbor Networks. The attackers would watch how sites responded, and when the site came back online, the hackers would adjust with new attack methods. “They are resolute and they will hit you on some different port, protocol, or from a new source. Always changing tactics,” he says. “Enterprises have to be ready to be as quick and flexible as their adversaries.”

3. Enlist DDoS protection and mitigation services

John Nye, VP of cybersecurity strategy at CynergisTek, explains that there are many things enterprises can do on their own to be ready to adjust when these attacks hit, but enlisting a third-party DDoS protection service may be the most affordable route.

“Monitoring can be done within the enterprise, typically in the SOC or NOC, to watch for excessive traffic and if it is sufficiently distinguishable from legitimate traffic, then it can be blocked at the web application firewalls (WAF) or with other technical solutions. While it is possible to build a more robust infrastructure that can deal with larger traffic loads, this solution is substantially costlier than using a third-party service,” Nye says.

Chris Day, chief cybersecurity officer at data center services provider Cyxtera, agrees with Nye that enterprises should consider getting specialty help. “Enterprises should work with a DDoS mitigation company and/or their network service provider to have a mitigation capability in place or at least ready to rapidly deploy in the event of an attack.”

“The number one most useful thing that an enterprise can do — if their web presence is that critical to their business — is to enlist a third-party DDoS protection service,” adds Nye. “I will not recommend any particular vendor in this case, as the best choice is circumstantial and if an enterprise is considering using such a service they should thoroughly investigate the options.”

4. Don’t rely only on perimeter defenses

Everyone we interviewed when reporting on the DDoS attacks that struck financial services firms a few years ago found that their traditional on-premises security devices — firewalls, intrusion-prevention systems, load balancers — were unable to block the attacks.

“We watched those devices failing. The lesson there is really simple: You have to have the ability to mitigate the DDoS attacks before it gets to those devices. They’re vulnerable. They’re just as vulnerable as the servers you are trying to protect,” says Sockrider, speaking of the attacks on banks and financial services a few years ago.

Part of the mitigation effort is going to have to rely on upstream network providers or managed security service providers that can interrupt attacks away from the network perimeter. It’s especially important to mitigate attacks further upstream when you’re facing high-volume attacks. “If your internet connection is 10GB and you receive a 100GB attack, trying to fight that at the 10GB mark is hopeless. You’ve already been slaughtered upstream,” says Sockrider.

5. Fight application-layer attacks in-line

Attacks on specific applications are generally stealthy, much lower volume and more targeted. “They’re designed to fly under the radar so you need the protection on-premises or in the data center so that you can perform deep-packet inspection and see everything at the application layer. This is the best way to mitigate these kinds of attacks,” says Sockrider.

“Organizations will need a web protection tool that can handle application layer DoS attacks,” adds Tyler Shields, VP of Strategy, Marketing & Partnerships at Signal Sciences. “Specifically, those that allow you to configure it to meet your business logic. Network based mitigations are no longer going to suffice,” he says.

Amir Jerbi, co-founder and CTO of Aqua Security, a container security company, explains that one of the steps you can take to protect against DDoS attacks is to add redundancy to an application by deploying it on multiple public cloud providers. “This will ensure that if your application or infrastructure provider is being attacked then you can easily scale out to the next cloud deployment,” he says.

6. Collaborate

The banking industry is collaborating a little when it comes to these attacks. Everything they reveal is carefully protected and shared strictly amongst themselves, but in a limited way, banks are doing a better job at collaborating than most industries. “They’re working among each other and with their telecommunication providers. And they’re working directly with their service providers. They have to. They can’t just work and succeed in isolation,” says Lynn Price, IBM security strategist for the financial sector.

For example, when the financial services industry was targeted, they turned to the Financial Services Information Sharing and Analysis Center for support and to share information about threats. “In some of these information-sharing meetings, the [big] banks are very open when it comes to talking about the types of attacks underway and the solutions they put into place that proved effective. In that way, the large banks have at least been talking with each other,” says Rich Bolstridge, chief strategist of financial services at Akamai Technologies. The financial sector’s strategy is one that could and should be adopted elsewhere, regardless of industry.

7. Watch out for secondary attacks

As costly as DDoS attacks can be, they may sometimes be little more than a distraction to provide cover for an even more nefarious attack. “DDoS can be a diversion tactic for more serious attacks coming in from another direction. Banks need to be aware that they have to not only be monitoring for and defending the DDoS attack, but they also have to have an eye on the notion that the DDoS may only be one aspect of a multifaceted attack, perhaps to steal account or other sensitive information,” Price says.

8. Stay vigilant

Although many times DDoS attacks appear to only target high-profile industries and companies, research shows that’s just not accurate. With today’s interconnected digital supply chains (every enterprise is dependent on dozens if not hundreds of suppliers online), increased online activism expressed through attacks, state-sponsored attacks on industries in other nations, and the ease with which DDoS attacks can be initiated, every organization must consider itself a target. So be ready, and use the advice in this article as a launching point to build your organization’s own anti-DDoS strategy.

Source: https://www.csoonline.com/article/2133613/network-security/malware-cybercrime-ddos-protection-mitigation-and-defense-7-essential-tips.html


How Artificial Intelligence Will Make Cyber Criminals More ‘Efficient’

The era of artificial intelligence is upon us, though there’s plenty of debate over how AI should be defined, much less whether we should start worrying about an apocalyptic robot uprising. The latter issue recently ignited a highly publicized dispute between Elon Musk and Mark Zuckerberg, who argued that it was irresponsible to “try to drum up these doomsday scenarios”. In the near term, however, it seems more than likely that AI will be weaponized by hackers in criminal organizations and governments to enhance now-familiar forms of cyberattacks like identity theft and DDoS attacks.

A recent survey has found that a majority of cybersecurity professionals believe that artificial intelligence will be used to power cyberattacks in the coming year. Cybersecurity firm Cylance conducted the survey at this year’s Black Hat USA conference and found that 62 percent of respondents believe that “there is high possibility that AI could be used by hackers for offensive purposes.”

Artificial intelligence can be used to automate elements of cyber attacks, making it even easier for human hackers (who need food and sleep) to conduct a higher rate of attacks with greater efficacy, writes Jeremy Straub, an assistant professor of computer science at North Dakota State University who has studied AI decision-making. For example, Straub notes that AI could be used to gather and organize databases of personal information needed to launch spearphishing attacks, reducing the workload for cybercriminals. Eventually, AI may result in more adaptive and resilient attacks that respond to the efforts of security professionals and seek out new vulnerabilities without human input. Rudimentary forms of AI, like automation, have already been used to perpetrate cyber attacks at a massive scale, like last October’s DDoS attack that shut down large swathes of the internet.

“Hackers have been using artificial intelligence as a weapon for quite some time,” said Brian Wallace, Cylance Lead Security Data Scientist, to Gizmodo. “It makes total sense because hackers have a problem of scale, trying to attack as many people as they can, hitting as many targets as possible, and all the while trying to reduce risks to themselves. Artificial intelligence, and machine learning in particular, are perfect tools to be using on their end.”

The flip side of these predictions is that, even as AI is used by malicious actors and nation-states to generate a greater number of attacks, AI will likely prove to be the best hope for countering the next generation of cyber attacks. The implication is that security professionals need to keep up in their arms race with hackers, staying apprised of the latest and most advanced attacker tactics and creating smarter solutions in response.

For the time being, however, cyber security professionals have observed hackers sticking to tried-and-true methods. “I don’t think AI has quite yet become a standard part of the toolbox of the bad guys,” Staffan Truvé, CEO of the Swedish Institute of Computer Science, said to Gizmodo. “I think the reason we haven’t seen more ‘AI’ in attacks already is that the traditional methods still work—if you get what you need from a good old fashioned brute force approach then why take the time and money to switch to something new?”

Source: https://www.idropnews.com/news/fast-tech/artificial-intelligence-will-make-cyber-criminals-efficient/49575/


Global DDoS mitigation market trends and developments

Frost & Sullivan found that the DDoS mitigation market generated revenue of $816 million in 2016 and is expected to register a CAGR of 17.1 percent through 2021. Threat actors’ continuous development of new techniques to overwhelm their targets’ defenses and improve the effectiveness of their DDoS attacks in terms of scale, frequency, stealth and sophistication is among the factors driving rapid growth.

DDoS attacks are on the rise

Attacks have become more extensive and are testing …


Top tip, hacker newbs: Don’t use the same Skype ID for IoT bot herding and job ads

To be fair, the kid is only 13

A teenage tearaway with a passion for building botnets was apparently caught using the same Skype ID he used for hacking activities when applying for jobs.…


Application layer DDoS attacks rising

Application layer distributed denial of service (DDoS) attacks are on the rise, and organizations must protect themselves from this uptick in application layer attacks and from the overall scourge of multi-vector DDoS attacks.

The size, scope and sophistication of distributed denial of service (DDoS) attacks continue to grow at an alarming rate – some recent DDoS attacks have exceeded 1 Tbps, making them the largest on record – but it’s not just the large-scale attacks that can threaten your applications and your business. Despite the perceived spike in DDoS attack size, the average DDoS attack peaked at 14.1 Gbps in 2017’s first quarter, according to Verisign’s DDoS Trends Report (Note: Verisign is an A10 Networks Security Alliance Partner).

While that average attack size seems minuscule in comparison to the colossal, record-breaking attacks of late last year, DDoS attacks that target the application layer tend to be smaller and can go unnoticed until it’s too late. These types of attacks are often referred to as “slow-rate” or “low and slow” attacks, meaning they target applications in a way that looks like actual requests from users until the applications become overburdened and can no longer respond.

Application layer attacks, or layer 7 attacks as they’re often called, are typically part of a multi-vector DDoS attack that targets not only applications, but also the network and bandwidth. The Verisign report estimates that 57 percent of DDoS attacks in Q1 2017 were multi-vector as opposed to single-vector attacks. The most common types of application layer DDoS attacks include those targeting DNS services, HTTP and HTTPS. And like other types of DDoS attacks, they have one goal: to take out an application, a website or an online service.

According to Imperva’s Q1 2017 Global DDoS Threat Landscape Report, application layer attacks are on the rise. The report found that application layer DDoS attacks reached an all-time high of 1,099 attacks per week in the second quarter of 2017, a rise of 23 percent over the previous quarter’s 892.

One reason for the uptick in application layer attacks is the Mirai malware. According to Threat Post, a new variant of Mirai is being used to launch application layer attacks. While Mirai originally carried out Layer 2 and 3 DDoS attacks, some of the more recent Mirai-fueled DDoS attacks, including a 54-hour assault against a U.S. college, are aimed squarely at Layer 7.

“Looking at the bigger picture, this variant of Mirai might be a symptom of the increased application layer DDoS attack activity we saw in the second half of 2016,” Imperva’s Dima Bekerman wrote. “That said, with over 90 percent of all application layer assaults lasting under six hours, an attack of this duration stands in a league of its own.”

Application layer DDoS attacks are becoming shorter in duration – the 54-hour onslaught against the college being an exception to that rule – but are growing in frequency, complexity and persistence. That means attackers target a web server, or an application server, and flood it with just enough traffic to knock it offline. In the case of a web server, it’s sending hundreds to thousands of HTTP requests per second that the server just can’t handle – and BOOM! – the site or service is gone. Because of this, application layer attacks are less expensive for threat actors to carry out and are perceived as harder for security solutions to detect than attacks aimed at the network layer.

So how do you protect your applications from this uptick in application layer attacks and from the overall scourge of multi-vector DDoS attacks? Businesses require high-performance, surgical multi-vector DDoS protection. It’s imperative that a DDoS solution not only detects, but also mitigates attacks large and small – from megabit to terabit in size – including application, volumetric, protocol, resource and IoT-based attacks. A DDoS defense solution should also be deployable in proactive and reactive mode, depending on a business’s preference, to ensure appropriate protection. The right DDoS defense solution not only protects your application layer from attacks, but also your network layer and other vectors, ultimately helping your organization avoid falling victim to a damaging DDoS attack.

Source: https://www.csoonline.com/article/3222824/network-security/application-layer-ddos-attacks-rising.html


Bigger Online Super Series Cancelled due to DDoS Attacks

The Winning Poker Network has cancelled the third leg of its OSS Cub3d series – the Bigger Online Super Series – due to the threat of further DDoS attacks.

The Winning Poker Network’s Bigger Online Super Series (BOSS) was scheduled to be a superb finale to a hugely successful three-tiered OSS Cub3d tournament series. The series had started incredibly well, with events in the Mini Online Super Series beating their guarantees by an average of 67% and the “meat in the sandwich” – the Online Super Series – performing much better than had been expected.

However, towards the end of last week, a series of DDoS attacks disrupted the series. Connection issues resulted in the cancellation of tournaments – not only the feature events in the Online Super Series, but also many qualifying satellites for the Million Dollar Sunday. Fortunately, the Million Dollar Sunday event was able to go ahead but, due to fears of further disruption, the Winning Poker Network has decided to cancel the remaining events in the OSS Cub3d schedule.

New OSS Cub3d Series Scheduled for Later this Month

Announcing the cancellation of the Bigger Online Super Series via the Americas Cardroom Twitch stream, the Winning Poker Network’s CEO – Phil Nagy – explained that the measures needed to be put in place to mitigate the threat of further DDoS would not be completed by Wednesday (the start date for the Bigger Online Super Series). He said that rather than risk further frustration and disappointment, he was cancelling the series and rescheduling it for later in the month.

Rather than just run the seventeen events cancelled from this week, the Winning Poker Network’s CEO announced a whole new OSS Cub3d series that will run from September 24th to October 22nd and feature two Million Dollar Sunday events – one with a half-price buy-in of just $265.00. Nagy said he would also honour the current finishing positions in the OSS Cub3d leaderboard promotion and give Punta Cana Poker Classic packages to the players occupying the top three positions.

New Software and Updated Servers will Help Mitigate DDoS Threat

Nagy is confident the rescheduled OSS Cub3d series will be able to go ahead without players suffering the disconnection issues that disrupted last weekend’s events. Within two weeks, new software will be released on updated servers that should be able to withstand DDoS attacks. The long-awaited WPN V2 poker client should also provide players with a more enjoyable online poker experience, as many of the bugs that exist with the current version of the software have reportedly been fixed.

Nagy also announced the Americas Cardroom mobile app is due to be released next week. First put into development in January, and expected to take between nine and twelve weeks, the app will support games of Jackpot Poker and Sit & Go 2.0. It is not known whether the app will be available for all skins on the Winning Poker Network, so players wanting to play these games on the go may have to create an account with Americas Cardroom in order to access them.

Bad Pelican Takes Million Dollar Sunday for $269,800

The fact that the Million Dollar Sunday event was able to go ahead last weekend was good news for “Bad Pelican”. The infrequent visitor to the Winning Poker Network topped a field of 2,698 to collect the $269,800 first prize after fourteen hours of play. The massive field ensured the million dollar guarantee was met and, in total, 405 players cashed in the event. The volume of players on the Winning Poker Network also ensured guarantee-busting prize pools for most of the weekend’s tournaments.

Hopefully the next OSS Cub3d series should go without a hitch. As sites on the Winning Poker Network continue to add new features and player benefits, there will be huge expectations for the next OSS Cub3d series, and it will be a huge disappointment – not least for CEO Phil Nagy – if any of the tournaments have to be cancelled due to DDoS attacks or other connection issues.

Source: http://www.pokernewsreport.com/bigger-online-super-series-cancelled-due-to-ddos-attacks-21870


#CLOUDSEC2017: DDoS: Large Attacks Shake the Internet but Modest Attacks Cause More Business Damage

Speaking at CLOUDSEC 2017 today, Ashley Stephenson, CEO of Corero, explored innovation in DDoS mitigation and ways to defeat the modern day DDoS attack.

Stephenson said that whilst, in the last five years, there have been various large-scale DDoS attacks that have made national or even global headline news, these are not good examples of the types of attacks that companies are suffering from day-to-day. Instead, he explained that it is the frequent, modestly sized, short duration modern DDoS attacks that are the real problem as they actually cause organizations the most damage regularly, and it’s those types of attacks that businesses should be focusing on.

“The headline-grabbing attacks aren’t always the ones that you really have to worry about with regards to improving your security posture for your business,” Stephenson argued. “Those high-profile attacks are really just the tip of the iceberg. There is much more activity that ends up in real terms doing more harm to businesses below the waterline. If you’re not doing something today to protect your business against these types of threats, then you are exposed.”

The reality is, he added, protecting against the everyday types of attacks is something you can do a lot about and you can inform yourselves much more clearly about the consequences and the types of vectors being used through the use of good technology products that are aimed at DDoS specifically.

“The very large, internet-overpowering events that occur might make the internet itself creak in certain geographies or services, but there’s very little you can do as an individual corporation to deal with those issues,” Stephenson concluded.

Source: https://www.infosecurity-magazine.com/news/cloudsec2017-ddos-large-attacks/


Week in review: Cyber threat hunting, Android DDoS botnet, drone bug bounty

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

New, custom ransomware delivered to orgs via extremely targeted emails
Ransomware campaigns are usually wide-flung affairs: the attackers send out as many malicious emails as possible and hope to hit a substantial number of targets. But more targeted campaigns are also becoming a trend.

Getting a start on cyber threat hunting
We live in a world where the adversaries will persist …


Alleged UK Bank Hacker Extradited From Germany

U.K. officials have extradited the man who allegedly masterminded a cyberattack earlier this year that impacted two of England’s biggest banks. They have accused 29-year-old Daniel Kaye, who was found in Germany, of using an infected computer network to damage and blackmail both Barclays and Lloyds Banking Group, The Financial Times reported.

Following the cyberattack, Lloyds found its digital services crippled on and off for over 48 hours in January 2017, preventing some customers from being able to check their bank balances or send out payments via the network. The assault was a distributed “denial of service” (DDoS) attack, which overwhelms a firm’s website so its services don’t operate properly. The same month, Barclays fought off its own cyberattack, according to the National Crime Agency.

These cybercrime attacks occurred just months following a high-profile cyberattack against Tesco Bank that caused 9,000 people to have their money stolen from accounts. HSBC also saw an attack against its personal banking website and mobile app in 2016, causing thousands of customers to be locked out of their accounts.

“The investigation leading to these charges was complex and crossed borders,” said Luke Wyllie, the National Crime Agency’s senior operations manager. “Our cybercrime officers have analyzed reams of data on the way. Cybercrime is not victimless, and we are determined to bring suspects before the courts,” the Financial Times reported.

Daniel Kaye is also being accused of operating a cyberattack against Liberia’s largest internet provider, Lonestar MTN. Kaye is scheduled to appear in the U.K.’s Westminster Magistrates Court on Aug. 31.

“In January, we were the target of a substantial distributed denial of service (DDoS) attack,” Lloyds Banking Group said in remarks according to news by the Financial Times. “This was successfully defended but resulted in intermittent and temporary service issues for some customers. There was no attempt to access the bank’s systems and no customer details or accounts were compromised.”

Source: http://www.pymnts.com/news/security-and-risk/2017/cybercriminal-daniel-kaye-extradited-following-ddos-cyberattacks/
