Category Archives: DDoS Criminals

Asia to see rise in cloud DDoS security biz

COMMUNICASIA, SINGAPORE–With the rise of cloud services adoption, businesses also have escalating security concerns over distributed denial of service (DDoS) attacks, and that presents an opportunity for carrier service providers to offer cloud-based DDoS protection, which one industry executive adds is set to gain traction in Asia. Among enterprises, the constant discussion around cloud to make it “sexy and pervasive” to customers cannot ignore the question of what happens when the cloud service becomes unavailable due to an attack, said Lau Kok Khiang, director for Asia-Pacific IP division at Alcatel-Lucent. There is hence “strong pent-up demand” for cloud-based DDoS protection, for which carrier cloud services are in a good position to provide, he said. Lau was presenting at the Telco Rising Cloud conference in CommunicAsia here Tuesday. Large attacks have become commonplace, and enterprises are basically losing the arms race in the Internet security space, Lau described. Among the various DDoS attacks in 2011 alone that saw businesses worldwide suffer a “great amount of damage” involved Sony PlayStation Network, the Hong Kong stock exchange, Visa, MasterCard, PayPal, and WordPress, he pointed out. The executive emphasized that cloud-based DDoS security was a “win-win” scenario for both the service provider and enterprise customers. For the service provider, it is a new revenue opportunity, which also complements existing enterprise services such as virtual private network (VPN) and business broadband. Additionally, this could help drive customer stickiness, Lau said. That is because from the customers’ point of view, having cloud-based DDoS protection ensures 24-by-7 availability of the cloud services they use, which mean better safeguards for their enterprise assets such as confidential client data, he added. On the event sidelines, Lau told ZDNet Asia that cloud DDoS security is set to gain traction in Asia, due to increasing awareness of the risks and prevalence of DDoS. This will prompt companies to consider cloud DDoS protection as added security measures, in order to ensure their service availabilities meet customer demands as well as industry-specific regulations. Also, apart from commercial entities, governments in the region are also pushing the message that organizations need to protect themselves from becoming the next victim of an attack, he added, referring to the massive DDoS attacks that disrupted Internet services in Myanmar in November 2010. Another speaker at the conference, Anisha Travis, partner at law firm Webb Henderson, said while the cloud has benefits and opportunities for businesess, they should go into space with “their eyes open”. In other words, they need to understand and prepare for mitigate the major risks associated with cloud, one of which is service levels, she pointed out during her presentation. It is essential that service level agreements (SLAs) are well-drafted for specific service levels and must also include “practical remedies” when there is downtime or outage, Travis advised. Customers cannot rely solely on the service provider, and should do their due diligence in clarifying ownership, consequences, and failures, she added. Source: http://www.zdnetasia.com/communicasia/asia-to-see-rise-in-cloud-ddos-security-biz-62305165.htm

More here:
Asia to see rise in cloud DDoS security biz

Distributed Denial of Service ‘DDoS’ becoming more ‘sophisticated’, damaging

Distributed denial-of-service (DDoS) have matured with hackers blending different attack techniques and becoming more damaging, observers note. They add that defenses need to evolve to complement infrastructure security that has already been commoditized.” DDoS attacks, where multiple compromised systems usually infected with a Trojan virus, are used to target a single system have been getting more “sophisticated” over the years, Vic Mankotia, security vice president of CA Technologies Asia-Pacific and Japan, noted. Today, there are DDoS attacks coming from automated systems, payloads delivered from USB sticks and protocols such as Bluetooth and magnetic strips of cards, he observed. In the past, DDoS attacks primarily targeted networks using low-level protocol or volumetric attacks, Eric Chan, regional technical director of Fortinet Southeast Asia and Hong Kong, remarked. However, hackers today use a combination of volumetric and application-layer attacking techniques, he noted. An application-layer DDoS targets the application service by using legitimate requests to overload the server, and rather than flood a network with traffic or session, they target specific applications and slowly exhaust resources at the application layer, Chan explained. They can be very “effective” at low traffic rates, which makes them harder to detect, he added. The Sony Playstation breach for example, had been a result of application-layer DDoS attacks, able to camouflage a data breach of over 77 million customer records, he cited. Evolved with IT trends, hackers intent On a basic level, denial-of-service (DoS) has evolved from “taking a pair of wire cutters outside the organization and snipping those wires” 20 years ago, to becoming distributed DoS where “hundreds and thousands of” traffic making computers into botnets to shut down systems, Andrew Valentine, managing principal of investigative response at Verizon observed. Strong connectivity, data centers and cloud, have given mobility center-stage, paved way for the Bring Your Own Device (BYOD) trend making the security parameters “disappear”, Mankotia explained. While mobile devices may not store the target information, but they do allow the DDoS attackers access to the information they seek, he noted. Laptops and devices also have a lot more computing power compared to those in the past, Claudio Scarabello, global security product manager of Verizon added. As such, hardware have a lot more power to flood systems, and can be much more “damaging”, he warned. Another way it has evolved is through the intent, Valentine added. In the past, DDoS had stemmed from “bragging rights”–showing off one’s ability to hack into the server, as well as financial intents, he explained. Today, it is used for political intents, commonly known as hacktivism, and DDoS and data breaches have become “synonymous”, he added, citing the Verizon 2012 data breach investigation report which found a rise in hacktivism against large organizations. “As such, DDoS today is associated with political intent, and making a statement, and not about script kiddies showing off anymore,” he said. Security system with visibility, multi-layered defense needed What is needed is a different type of security to complement the infrastructure security that has already been commoditized–a security system which enables the knowledge of where and who is sharing the data, Mankotia pointed out. DDoS attacks are heavily customized with a signature to get specific information, and security has to evolve as all information is not equal, and all identities, access and system must be in one ecosystem, where content-aware identity and access management are applied and advanced authentication is at its core, he explained. As botnets can send huge amounts of legitimate connections and requests from each compromised machine, and determining whether such connections are valid or not will be crucial, enterprises will need security solutions with “sufficient visibility and context”, Chan added. “These systems should have sufficient visibility and context to detect a wide range of attack types without slowing the flow, and processing of legitimate traffic, and is then able to conduct mitigation in the most effective manner,” he said. Above of, a multi-layer defense strategy is also essential, and the defense strategy must cover both network-layer and application-layer attacks, Chan surmised. In need of protection click here DDoS protection . Source: http://www.zdnetasia.com/ddos-becoming-more-sophisticated-damaging-62305134.htm

Continued here:
Distributed Denial of Service ‘DDoS’ becoming more ‘sophisticated’, damaging

Accused British hacker launch DDoS attack and charged in U.S. over LulzSec attacks

A federal grand jury in Los Angeles has indicted a 20-year-old British citizen on charges related to attacks by the LulzSec hacking group on the Fox and PBS television networks and Sony’s film and TV studio, authorities said on Wednesday. Ryan Cleary, who is already jailed in the United Kingdom where he faces prosecution over similar charges, is accused of joining other members of LulzSec in harnessing compromised computers, known as a “botnet,” to steal confidential information, deface websites or attack servers. He was indicted on Tuesday. “Cleary is a skilled hacker. He controlled his own botnet, employed sophisticated methods and his broad geographic scope affected a large number of businesses and individuals,” FBI spokeswoman Laura Eimiller said. LulzSec, an offshoot of the international hacking group Anonymous, has taken credit for hacking attacks on government and private sector websites. Anonymous and its offshoots, including LulzSec and AntiSec, initially focused on fighting attempts at Internet regulation and the blocking of free illegal downloads, but have since taken on such targets as Scientology and the global banking system. The charges come just over two months after accused LulzSec hacker Cody Kretsinger pleaded guilty in U.S. District Court in Los Angeles to taking part in an extensive computer breach of Sony Corp’s Sony Pictures Entertainment. In March, court documents revealed that Anonymous leader “Sabu,” whose real name is Hector Xavier Monsegur, had pleaded guilty to hacking-related charges and provided the FBI with information on fellow hackers. According to the indictment released by the FBI, Cleary and his unnamed co-conspirators hacked into the computer systems of News Corp’s Fox Entertainment Group and Sony Pictures Entertainment and stole confidential user information. The indictment also charges Cleary and his co-conspirators of defacing the PBS website and launching “denial of service” attacks against an online gaming website and Britain’s Serious Organized Crime Agency. Cleary is charged with one count of conspiracy and two counts of unauthorized impairment of a protected computer. He faces a maximum sentence of 25 years in prison if convicted. Eimiller said federal authorities would “allow the prosecution to take its course” against Cleary overseas before deciding whether to seek his extradition to the United States. He is next scheduled to be in court in the U.K. on June 25. Anonymous, and LulzSec in particular, became notorious in late 2010 when they launched what they called the “first cyber war” in retaliation for attempts to shut down the WikiLeaks website. They attacked websites including those of MasterCard Inc, which had tried to block payments to WikiLeaks after apparent pressure from the U.S. government following the release of thousands of diplomatic cables. Source: http://www.reuters.com/article/2012/06/14/net-us-usa-lulzsec-hacking-idUSBRE85D00620120614

View article:
Accused British hacker launch DDoS attack and charged in U.S. over LulzSec attacks

“Armenpress” prevented Distributed Denial of Service ‘DDoS’ hacker attack

DDos (Distributed Denial of Service) attack took place in order to thwart the works of “Armenpress” Armenian news agency website, which was prevented by IT specialists of the agency. Earlier Armenpress web site has been attacked. The agency learnt about the hacker attack on June 13 night and informed the enforcement bodies. Armenpress staff continues its work: the agency’s customers receive the news with its full volume. Thanks to the efforts of Armenpress IT specialists the security of agency has been intensified: currently works are carried out to determine the reasons of hacker attack. “Armenpress” expresses gratitude to its colleagues for the support and condemns any kind of hacker attack, qualifying it as a crime in all respects. Source: http://armenpress.am/eng/news/684393/%E2%80%9Carmenpress%E2%80%9D-prevented-ddos-hacker-attack.html

See the original article here:
“Armenpress” prevented Distributed Denial of Service ‘DDoS’ hacker attack

Azerbaijani and Turkish hackers hit Armenian websites with Denial of Service ‘DDoS’ attacks

Last night Azerbaijani hackers attacked BlogNews.am, Armenpress.am websites, and Turkish hackers attacked Beeline.am website. Information security specialist Samvel Martirosyan informed about this. Armenpress.am and Beeline.am websites aren’t functioning at present. According to the information circulated by BlogNews.am, a significant part of the information on the website was deleted because of the hackers’ actions. At this moment, the website’s administration is trying to recover the deleted information. Source: http://www.yerkirmedia.am/?act=news&lan=en&id=7791

View post:
Azerbaijani and Turkish hackers hit Armenian websites with Denial of Service ‘DDoS’ attacks

North Korea ships malware-infected games to South Korean users, uses them to launch DDoS attacks

According to an independent report published in Korea’s JoongAng Daily, Seoul’s Metropolitan Police Agency has intercepted a cyber attack plot orchestrated by North Korea’s Reconnaissance General Bureau, which successfully shipped malware-infected games to South Korean users which were later on used to launch a DDoS attack against the web site of Incheon Airport. More details: According to the police, the South Korean man, identified by the surname Jo, traveled to Shenyang, northeastern China, starting in September 2009 and met agents of an alleged North Korean trading company. He allegedly asked them to develop game software to be used in the South. Jo purchased dozens of computer game software for tens of millions of won, which was a third the cost of the same kind of software in the South. The games were infected with malignant viruses, of which Jo knew, an official at the police agency said. Jo sold the games to South Korean operators of online games. When people played the games, the viruses used their computers as zombies, through which the cyberattack was launched. This is the second attempt by North Korea in recent months to engage in electronic warfare with South Korea, following the use of GPS jammers causing difficulties in air and marine traffic controls. What’s particularly interesting about North Korea’s infection vector in this campaign, is that it’s not a novel approach to spread malware. Instead, it relies on a chain of trust, from the unknown origin of the produced games, to the sellers claims that they are malware-free, and ultimately targets bargain hunters. In the past, software piracy has proven to be a key driving force behind the growth of malware campaigns internationally. Distribution of malware-infected games greatly reminds me of a case which happened in Eastern Europe in the 90s where a malware coder participating in a popular IT magazine’s coding contest, on purposely backdoored his game, which ended being shipped to thousands of subscribers on a magazine-branded CD. Although a good example of a flawed QA (Quality Assurance) on behalf of the magazine, South Korean authorities claim that the person who purchased the games actually knew that they were infected with malware, hence the lower price for purchasing them. Just how big of a cyber threat is North Korea? It’s an emerging market player, having actively invested in the concept over the years, that’s for sure. In my recent conversation with cyber warfare expert Jeffrey Carr, he pointed out that he doubts Russia or China will knowingly supply the irrational North Korea with cyber warfare ‘know how’. However, Russia or China’s chain of command doesn’t need to know that this outsourcing will ever take place, as North Korea could easily outsource to sophisticated cybercriminals doing it for the money, not for the fame. Summary: Seoul’s Metropolitan Police Agency has intercepted a cyber attack plot orchestrated by North Korea’s Reconnaissance General Bureau, which successfully shipped malware-infected games to South Korean users. Source: http://www.zdnet.com/blog/security/north-korea-ships-malware-infected-games-to-south-korean-users-uses-them-to-launch-ddos-attacks/12383

See more here:
North Korea ships malware-infected games to South Korean users, uses them to launch DDoS attacks

White House unveils initiatives to combat botnets

The Obama administration on Wednesday revealed new initiatives to combat botnets, believed to present one of the greatest threats to the integrity of the internet. Botnets are employed by cyber thieves to gain control of computers to perform illegal activities, including siphoning off assets, initiating denial of service (DoS) attacks, which could shut down a targeted website, or distributing spam. The initiatives stem from a voluntary public-private partnership between the White House Cybersecurity Office and the U.S. Departments of Commerce and Homeland Security (DHS), which coordinate with private industry to lead the Industry Botnet Group (IBG), a group of nine trade associations and nonprofit organizations representing thousands of companies. “The issue of botnets is larger than any one industry or country,” said White House Cybersecurity Coordinator Howard Schmidt at an event to announce the program (Schmidt recently announced his resignation). Also present at the event were Federal Communications Commission Chairman Julius Genachowski, Department of Homeland Security Secretary Janet Napolitano, Under Secretary of Commerce for Standards and Technology Patrick Gallagher, and a number of industry CEOs. According to an administration official who spoke with SCMagazineUS.com on Friday, “industry deserves credit for the real work in getting this done.” He said that the strategy goes back to a Commerce greenpaper on cyber security looking at areas where the government saw a solution in the private sector that could alleviate the botnet problem, but was not gaining traction and collective action. “Companies didn’t want to invest if other companies weren’t,” the administration official said. A call went out from the Departments of Commerce and Homeland Security to the private sector to find ways to build incentives for companies to implement best practices around botnets. “We were pleasantly surprised to find so much agreement,” the official said. A series of meetings at the White House followed, led by Schmidt, which led to the writing of IBG’s “Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace,” he said. “Cybersecurity is a shared responsibility – the responsibility of government, our private sector partners and every computer user,” Napolitano said at Wednesday’s event, according to a release. “DHS has set out on a path to build a cyber system that supports secure and resilient infrastructure, encourages innovation, and protects openness, privacy and civil liberties.” The Online Trust Alliance (OTA) was also at the event to support the IBG’s principles. “We have a shared responsibility to commit resources to address the growing threats from botnets, which threaten to undermine the digital economy,” Craig Spiezle, executive director and president, Online Trust Alliance, said in a statement. “Preserving online trust and confidence needs to be a priority and the broad adoption of the Industry Botnet Group principles is an important step toward protecting the internet.” Source: http://www.scmagazine.com/white-house-unveils-initiatives-to-combat-botnets/article/243712/

Continue Reading:
White House unveils initiatives to combat botnets

WHMCS under renewed DDoS blitz after patching systems

‘Undesirable people’ are all over us WHMCS, the UK-based billing and customer support tech supplier, has once again come under denial of service attacks, on this occasion following an upgrade of its systems to defend against a SQL injection vulnerability.…

Read this article:
WHMCS under renewed DDoS blitz after patching systems

Man arrested for hacking into billing provider

The FBI has arrested hacker “Cosmo”, according to a report by Eduard Kovacs of Softpedia. Cosmo is alleged to be the leader of four-man hacktivist group UGNazi, which took control of the web site of major payment services provider WHMCS just over a week ago. Previously, UGNazi had been known primarily for distributed denial-of-service (DDoS) attacks carried out using its own botnet. Earlier this month, for example, it briefly took down the US Department of Education web site. UGNazi received even more attention when, on 21 May, it hacked into servers belonging to UK billing company WHMCS and copied private internal information, which it posted online two days later. The stolen data included a MySQL dump of the company’s customer database containing nearly 130,000 records, and data from the main server. The hackers gained access to WHMCS’ Twitter account and infiltrated the user forum. The group also carried out DDoS attacks to take down the WHMCS domain for several hours. The UGNazi hackers reportedly used basic social engineering techniques to gain access to the WHMCS domain. One of the hackers, probably Cosmo, phoned WHMCS’s hosting company claiming to be the company’s CEO and correctly answered the security question. They were then given full access to the company’s main server. WHMCS provides payment systems for small to medium-sized web sites. At the time of the intrusion, the customer database contained just under 13,000 credit card numbers, which were encrypted using a symmetrical AES algorithm. Passwords were salted, which should have made them harder to decrypt – but since the salt was recorded directly after the password, not impossible. Following the attack, the hackers spent several days taunting WHMCS. They posted tweets in the name of the company and rewrote some company blog and forum postings. In a statement on PasteBin, UGNazi stated that its motivation for the hack was simply to open the eyes of WHMCS users. The group’s US-based web site is now offline – having been, according to a tweet by Cosmo, seized by the FBI. Members of the group have told Kovacs that they are confident that the FBI will not be able to prove anything in relation to Cosmo. A fifth member left the group shortly before the attack on WHMCS. According to Softpedia, another member of the group hasn’t been online “for the past couple of days”. WHMCS has now reset all passwords for its customer area and warned its customers to be vigilant for ongoing consequences of the hack. Yesterday the company was forced to inform its customers of a further security concern, when a programmer informed WHMCS of a vulnerability in its payment processing system, for which the company released an immediate patch. Source: http://www.h-online.com/security/news/item/Man-arrested-for-hacking-into-billing-provider-1587517.html

Read the article:
Man arrested for hacking into billing provider

DoS crashes updated iPads, iPhones

A denial of service attack has been disclosed in the latest version of Apple iOS. The attack targets Safari in iOS 5.1.1 and a proof of concept was published online. Alienvault security researcher Alberto Ortega said the attack may also affect previous versions of the Apple operating system. The attack was successfully demonstrated on iPhone, iPad and iPod Touch. Ortega said the error was a “step to achieve a real exploitation”. “iOS has a lot of mitigations to avoid successful exploitation,” Ortega said. “This software has errors and holes but you will need to bypass those hard mitigations and find more weaknesses to have something “usable’.” Ortega reported the error to Apple at the time of disclosure but had no response from the notoriously security silent company. “When JavaScript function match() gets a big buffer as parameter the browser unexpectedly crashes. By extension, the function search() is affected too,” Ortega said in the advisory. Source: http://www.crn.com.au/News/302620,dos-crashes-updated-ipads-iphones.aspx

Taken from:
DoS crashes updated iPads, iPhones