Imperva released its September Hacker Intelligence report, which details the latest methods deployed by hackers to execute DDoS attacks by analyzing the technical tools and trends employed during mult…
Read more here:
Deconstructing hacktivist operations and tools
Aargh, cap’n, the server be like to founder Cybercrooks behind the resilient Pushdo botnet are bombarding legitimate small websites with bogus traffic in order to camouflage requests to the zombie network’s command and control servers.…
See the original article here:
Pushdo botnet’s smokescreen traffic hits legitimate websites
Over the last few months, I’ve started to see a common refrain from new customers coming onboard, indicating that they were getting DDOS’d with an SQL injection and needed protection. Each of these customers would describe different circumstances and impact to their websites, and the only similarity was that they all had backend databases to their websites. It made me take a deeper look into the attacks targeting some of these customers, to see if there was more to SQL injection than what the current understanding indicates. Here’s what I discovered as the most common methods for attacking a website database a) Crafted Code Injection – this technique falls within the conventional understanding, where an attacker will inject SQL statements via user input, cookies or server variables, in an attempt to have the rogue command passed to the backend database. If the database is not secured properly, the command may get successfully executed and lead to devastating results (eg. Dump of the database, data corruption, shutdown, etc.) b) Resource Exhaustion –arguments and commands are passed at a high enough frequency to simply overwhelm the database so it cannot process legitimate transactions. The illegitimate arguments that are being passed may be invalid or just nonsensical, and therefore not executed upon, but they still require the database to review the input before discarding. By injecting a flood of these types of requests, the CPU load of the backend database starts to increase to the point it stops responding. What we’ve seen with the Resource Exhaustion style attacks is that it often doesn’t take much in terms of packets or bits per second to make some of these database servers keel over. For those of you familiar with UDP/ICMP/SYN floods, which can be 10+ Gb/s and millions of packets per second (pps), you’ll be surprised to hear that Resource Exhaustion SQL Injections can be small as 200 kb/s as well as being only a few hundred pps, to debilitate a database and effectively bring a site down. Regardless of what attack technique is employed, we here at DOSarrest have been able to keep customers databases operational and intact under our protection. With our ability to mitigate these types of incursions, by employing features such as: i) Managing Arguments – checking and sanitizing which arguments get passed through to our customer ii) User Agent Verification – validation of http header fields to ensure that request are coming from an accepted list of browsers iii) Client Validation – proprietary algorithm ensuring that a visitor to a site is in fact a real user session iv) Connection Rate Limiting – discarding connections from sources that trip custom defined thresholds as well as many more, we are able to provide solutions unique to each customers setup and requirements. While we have been extremely successful in helping out our customers during these attacks, we still advise our customers to take preventative measures and use best case practices in designing their website code. In the next article, our Security Operations Manager, Sean Power, will be providing some useful tips and tricks in designing secure connections from your website to your backend database Jag Bains CTO DOSarrest Internet Security
Original post:
Tactics of an SQL Injection Attack
Microsoft's Digital Crimes Unit has disrupted the functioning of yet another botnet by effecting a takedown of a domain which was also hosting over 500 different strains of malware and has been linked…
Excerpt from:
Microsoft's study into unsecure supply chains leads to botnet disruption
GoDaddy, on of the biggest and most popular Internet domain registrars and web hosting companies in the world, has suffered an outage on Monday that left many of its customers' websites temporarily av…
Read the original:
Millions of GoDaddy sites go offline due to alleged DDoS attack
Joshua Schichtel was sentenced to 30 months in prison for selling command-and-control access to and use of thousands of malware-infected computers. In addition to his prison term, Schichtel was ordere…
Originally posted here:
Arizona man goes to prison for selling access to botnets
Denial of service (DoS) and distributed denial of service (DDoS) attacks are increasingly common phenomena, used by a variety of actors—from activists to governments—to temporarily or indefinitely pre…
Read this article:
DDoS attacks protection advice from the EFF
Bambuser came under a distributed denial-of-service attack on Thursday morning, possibly in connection with a user’s coverage of the Ecuadorian embassy where Wikileaks founder Julian Assange is holed up. The connection is not certain, but Bambuser’s Swedish proprietors say they had received threatening tweets just prior to the attack. Bambuser chief Jonas Vig told ZDNet that the DDoS took the service down for “almost an hour” and made it “hard to reach for another hour”. Bambuser lets people stream live video from their smartphones to the web. It has become very popular with activists and protestors, from the Occupy movement to Russia and Syria. The service has come under attack before, with the attacks generally coinciding with marches and protests that are being covered on Bambuser. The stream that appears to have solicited the DDoS is that of ‘citizen journalist’ James Albury, who has stationed himself outside the Ecuadorian embassy in London. Julian Assange has been inside the embassy since June, and the Ecuadorian government is set to announce its decision regarding his asylum bid later on Thursday. A diplomatic row erupted overnight, after Ecuador accused UK authorities of preparing to storm the embassy. Assange is wanted for questioning in Sweden over sexual coercion and rape allegations, and the UK wants to extradite him there under a European Arrest Warrant. Vig explained that the tweets Bambuser had received were not of the ‘tango down’ variety, but they did indicate that “it was someone aiming the attack directly at some specific users of ours”. “We still don’t want to speculate who was behind it, but there’s some indication it was directly aimed at blocking the streams from the embassy,” he added. “It was quite a serious attack,” Vig said. “We consider all DDoSes as serious.” A new anti-Wikileaks hacker, or group of hackers, called Antileaks has suggested on Twitter that he, she or they might be responsible for the DDoS. For fast DDoS protection against your e-commerce website click here . Source:
View the original here:
Bambuser Distributed Denial of Service ‘DDoS’ attack may be connected with Assange embassy stream
Never heard of a DDoS attack? Small companies that do business online ought to learn about this growing online threat — and figure out how they’ll respond should one ever hit them. Consider what happened to Los Angeles-based business-planning publishing and advisory company Growthink. Last September, a surprise flood of bogus traffic knocked its website off the internet for several days. Growthink turned to its hosting firm for help, only to have its website sidelined so other sites wouldn’t be collateral damage. It finally recovered by hiring a DDoS-protection firm, BlockDos, to filter out the bad traffic. Then it moved to a new hosting service, Rackspace, so it would be better prepared next time. “It was pretty intense,” says Kevin McGinn, Growthink’s IT director. “We had no idea why we were being singled out.” Growthink had suffered a “distributed denial-of-service” attack. In a DDoS attack, legitimate site visitors are denied access by hackers who immobilize the site either with a flood of bogus internet traffic or a surgical strike that exhausts the resources of a specific web application. Successful attacks can cripple business operations. Growthink estimates its website outage erased $50,000 in revenue. As Growthink discovered, it isn’t always clear who’s out to get you. Experts say e-commerce outfits and other businesses that rely heavily on the web for their livelihoods are most at risk. Smaller companies are most often attacked by unscrupulous competitors and extortionists, although disgruntled former employees, vandals and “hacktivists,” or hackers with a political agenda, are also known culprits. With both the number and ferocity of attacks rising, DDoS incidents are a growing threat. In the last year, CloudFlare, a San Francisco cloud-based web performance and security firm, said it has seen a 700 percent rise in DDoS traffic. Small companies are increasingly finding themselves in the crosshairs, experts say, as the cost of mounting attacks drops and large companies get better at stopping them. Attackers can rent “botnets” of 1,000 hijacked malware-infected home PCs capable of taking down sites of most small-to-medium-sized businesses for only $400 a week, according to Incapsula, a competitor to CloudFlare that’s a subsidiary of security firm Imperva, both of Redwood Shores, Calif. Even modest extortionists can profit. Australian e-commerce company Endless Wardrobe received an email in May demanding $3,500 via Western Union. When the firm didn’t comply, its site was knocked offline for a week by a torrent of bogus visits. The downtime cut revenue by at least the amount of the demanded ransom. Here are tips on how to survive if you find your business under a DDoS attack, too. Find a hosting service or ISP that will help. Many hosting services put large numbers of small websites on the same servers to boost efficiency. That’s fine until one site is attacked and the hosting company takes it offline so other customers on the server aren’t hurt as well. Check your contracts and speak with your hosting service or internet service provider, or ISP, to find out what it will do if you come under attack. Will it help you stop the attack and recover, and if so, at what cost? Will it send you a giant bill because an attack generated a ton of extra traffic to your site? A growing number of these service providers are offering security features, including DDoS protection, as a way to differentiate themselves in a crowded market. Such companies, which often employ technology from specialists such as Arbor Networks, include Firehost, Rackspace and iWeb. Hire Help. Companies that provide website acceleration services also often help fend off DDoS attacks. For instance, CloudFlare provides a free basic level of DDoS protection that it says will stop most attacks, and two tiers of service at $20 and $200 a month that can stop larger attacks. Incapsula includes DDoS protection as part of its Enterprise tier of service for an undisclosed fee. If you’re targeted with a highly sophisticated attack, however, you may want to consider hiring a DDoS-protection specialist, such as DOSarrest , a cloud-based security company based in Canada. Investigate ways to fortify your site. CloudFlare co-founder and CEO Matthew Prince suggests using nginx web server software — favored by the likes of Netflix and WordPress — because it can be more resistant to DDoS than other programs. He also recommends using the latest versions of your web software, such as WordPress and shopping carts, to prevent some application-based attacks. For fast protection DDoS protection for your e-commerce website click here . Source: http://www.entrepreneur.com/article/224099?cam=Dev&ctp=Carousel&cdt=13&cdn=224099
Continued here:
What Distributed Denial of Service ‘DDoS’ Attack Are and How to Survive Them
Prolexic Technologies exposed weaknesses in the command and control (C&C) architecture of the Dirt Jumper DDoS Toolkit family that could neutralize would-be attackers. The Dirt Jumper family of toolki…
Excerpt from:
Critical vulnerabilities in popular DDoS toolkit exposed