Category Archives: DDoS Criminals

Envato Targeted by DDoS Attack, WordPress Theme Authors Report Major Decline in Sales

If you’ve attempted to access Themeforest or any other site on the Envato network lately, you may have encountered some downtime. The company updated customers and community members today, attributing the technical difficulties to a DDoS attack:

“Since July 1, Envato has been the target of a sustained DDoS (distributed denial of service) attack. The attacker, whose motive and identity are unknown, has repeatedly flooded our servers with high levels of traffic, causing our services to be unavailable at various times.”

The most recent outage happened over the weekend when Envato Market was down for three hours on Friday and one hour on Sunday. This is a significant chunk of time for a market that paid out $224 million to its members in 2014.

The downtime has also impacted WordPress theme authors, who continue to dominate Envato’s marketplace. According to Ben Chan, the company’s director of growth and revenue, 30 of the 31 sellers who make up the Power Elite wall of fame (selling $1 million+ worth of items) are WordPress product authors.

The power of the WordPress economy on Envato is undeniable, but sales have taken a sharp decline in the past couple of months, even before the DDoS attack. According to PremiumWP, which cites reports from elite theme author Chris Robinson of Contempo and many others, sales have suddenly declined 50-70%.

“Sales have declined over 70% starting from May with each passing day getting worse,” Robinson said in the members’ forum. “I’ve also spoken with other elite authors explaining the same thing. One example going from $1500/day to $700 – sure that’s still a great deal of money BUT what the hell is happening?

“This isn’t just one or maybe twenty authors, it is marketplace wide affecting everyone. A marketplace wide decline in sales of this magnitude doesn’t just happen due to vacations, or other buyer factors. Going through the years of sales data (since 2008) this has never happened, I’ve personally gone from $2-3000/week to less than $700/week…that’s insane!”

With new authors and products entering the market every day, the market share for established authors is slowly diminishing, but members are not convinced that this is the sole cause of the sharp drop in sales. FinalDestiny of TeoThemes, another author whose sales are declining, blames the one-size-fits-all theme products for gobbling up a greater slice of the market share.

“Everybody is tired of these huge, monster multipurpose themes having the same price as normal themes, and that’s pretty much killing the marketplaces. But Envato couldn’t care less, as long as they get their share,” he said.

In another thread, which ended up getting locked, there are 27 pages of comments from users speculating about why their sales have been dropping. Members cite seasonal buying fluctuations, piracy, Themeforest’s recent drop in Google search rankings, VAT and hidden price additions on checkout, and unfair pricing advantages for monster themes that claim to do everything, among other possible causes.

In one thread, titled “More than 50% sales drop for most of the authors. Does TF care for Authors?”, an Envato community officer offered the following comment:

“We don’t really give sales updates over the forums other than to say your sales can go up and down for a multitude of reasons. Try not to assume the sky is falling every time the USA has a long weekend. We have fast and slow periods throughout the year same as any business, and your portfolio will no doubt have peaks and valleys as well.”

This kind of generic reply has left theme authors scratching their heads, despite multiple threads in the forums popping up with concerns from those who are alarmed by the sudden drop. Many WordPress theme authors depend on Themeforest as their primary source of income. In one reply, the Aligator Studio seller sums up their concerns and frustration with the inability to convince Envato of the unusual circumstances that are affecting large numbers of sellers:

“We are not talking about valleys and peaks, we’re talking about a general traffic and sales fall, from New Year until now, especially after April. We’re not talking about regular ups and downs (sometimes steeper, sometimes not), due to longer weekends, summer holidays, and general and the usual stuff happening here in the last couple of years. It’s not a sky falling – it’s inability to pay our bills, we’re not fanatics that foresee the end of the world.”

Envato has yet to provide an official statement about the marketplace-wide decline in sales, apart from recognizing the network’s unavailability due to the recent DDoS attack.

Source: http://wptavern.com/envato-targeted-by-ddos-attack-wordpress-theme-authors-report-major-decline-in-sales


New Reddit rival Voat hit by DDoS attack

A would-be rival to Reddit called Voat is getting media attention. Is that what led someone to launch a DDoS attack on Sunday?

A group of disaffected users of the news site Reddit, often called the “front page of the internet,” recently migrated to a new community site called Voat. But in the wake of media attention for Voat, it appears another group decided to launch a Distributed Denial of Service attack in an attempt to take it offline. The attack, which began Sunday night, was confirmed on Twitter by Voat:

“The maintenance on our servers ended several hours ago, but we are still being hit with a layer 7 DDoS attack as Confirmed by CloudFlare.” — Voat (@voatco) July 12, 2015

The tweet cites CloudFlare, a security company that can help sites manage DDoS attacks. Such attacks typically involve antagonists who harness botnets in order to direct massive amounts of traffic at a website’s servers, and knock it offline.

The attack does not appear to have taken Voat’s website down for any length of time, though a message on its homepage says the incident has forced it to cut off access to the site from various apps:

“In order to keep Voat at least somewhat responsive, we’ve bumped up CloudFlare security settings which essentially breaks most Voat third party apps currently on the market. We are sorry about this and we are working on a solution and taking this time to optimize our source code even further.”

It’s unclear who is responsible for the DDoS attack, though some are suggesting (on Reddit and Voat naturally) that Reddit users may be involved. Although Voat is an obscure site (its attraction apparently lies in its reputation as a “troll haven”), its emergence – and the DDoS response to it – underscores once again the volatile, migratory nature of online communities.

As my colleague Mathew Ingram explained, such communities can be “like an anthill, but one where there is no queen or recognized authority or even common purpose — one where all the ants wander around doing whatever they want, whether it’s building something beautiful or destroying things just for the sake of destroying them.”

Source: http://fortune.com/2015/07/13/new-reddit-rival-voat-hit-by-ddos-attack/


Planetside 2, H1Z1, Everquest servers under DDoS attacks

Lizard Squad, the notorious hacking group, is claiming responsibility for DDoS attacks on game servers for Planetside 2, Everquest, H1Z1, and more.

Planetside 2 and H1Z1 developer Daybreak has fallen victim to DDoS attacks on its servers. The attacks are perpetrated by Lizard Squad, and have affected the game’s websites, as well as the servers players connect to. To understand why this is happening, we’ll have to go all the way back to August of last year, when a wide range of DDoS attacks targeted a large number of gaming servers; among those affected was Daybreak Games (then Sony Online Entertainment). Members of the same hacking group then grounded the plane company president John Smedley was on by tweeting a bomb threat to American Airlines. Fast forward to last week: the hacker responsible was convicted but managed to avoid jail time. Understandably, Smedley was not pleased, vowing to go after him in court, which is more or less what sparked the attacks against his company’s servers.

Source: http://www.vg247.com/2015/07/10/planetside-2-h1z1-everquest-servers-under-ddos-attacks/


New Jersey Online Gaming Sites Hit by DDoS Attacks

Online gaming sites in New Jersey were rocked by a wave of distributed denial of service (DDoS) attacks last week, according to the New Jersey Division of Gaming Enforcement (DGE). At least four sites were knocked offline for around half an hour by the cyberattacks, David Rebuck, DGE director, said, although he declined to name them. The disruption was followed by a ransom demand, to be paid in bitcoin, and the threat of further, more sustained attacks, he added.

DDoS attacks are used by cyber criminals to flood the bandwidth of an internet site, rendering it temporarily nonoperational. Online gambling has been a target for such criminals since the early days of the industry, although this is the first time that any attacks have been reported against the regulated US markets. However, last September, when Party / Borgata attempted to stage the most ambitious tournament series the regulated space had seen, the Garden State Super Series, major disruption forced the main event to be cancelled.

“Known Actor” Suspected

It was assumed that the technical difficulties were the result of a relatively new infrastructure bending under the weight of an uncommon influx of players, but it seems possible that there were more sinister forces at work. Cyber attackers typically strike at times when traffic is highest in order to maximize disruption, and a well-publicized event like the Garden State Super Series would have been an irresistible target. Rebuck’s assertion that law enforcement is now hunting a “known actor” in relation to the attacks, a suspect who has “done this before,” would appear to confirm, at least, that New Jersey has been subject to a prior attack.

Recent Attacks on Offshore Market

Hackers have certainly disrupted unlicensed US-facing poker sites in recent times. Two months after the Garden Super Series, the Winning Poker Network (WPN) attempted to stage a similarly ambitious online tournament with $1,000,000 guaranteed. The event had attracted 1,937 players with 45 minutes of late registration still remaining, before it was derailed by a suspected cyberattack. An on-screen message relayed the news to players as the tournament was abandoned four and a half hours in, following a spate of disruptions. The tournament was canceled and buy-in fees refunded to all participants.

On November 23, the Carbon Poker Online Poker Series was severely interrupted by poor connectivity issues, and the site has experienced intermittent problems several times since, although no official word on the disruptions has been forthcoming from Carbon Poker.

“It sounds like the regulators and the [gambling] houses anticipated this very type of attack and responded to it in a very appropriate manner,” cybersecurity expert Bill Hughes Jr. told the Press of Atlantic City of the incident last week. “It appears that the system worked here.”

Source: http://www.cardschat.com/news/new-jersey-online-gaming-sites-hit-by-ddos-attacks-13472#ixzz3fFdK5Vbd


Another malware building toolkit leaked, botnets already popping up

Another malware building toolkit has been leaked, allowing less tech-savvy crooks to generate a fully functional variant of the KINS banking Trojan and to inject its configuration code in a JPG file i…


BOT-GEDDON coming after ZeusVM leak, hacker warns

Why pay $5k when you can pay $0? Former Kaspersky Japan boss now malware researcher Hendrik Adrian is warning of a boom of ZeusVM botnets, after the trojan source code was leaked online.…


Anonymous celebrates Canada Day with DDoS attacks

For Canadians, July 1 is Canada Day—but to Anonymous, it’s also the perfect occasion to launch a protest campaign of distributed denial of service (DDoS) attacks. The internet activist group announced on Wednesday morning that it had planned #AntiCanadaDay protests in support of its #OpCyberPrivacy campaign, created in opposition to Canada’s controversial, recently-passed anti-terror legislation, Bill C-51. The bill grants the Canadian Security Intelligence Service (CSIS) broad powers—with judicial authorization—to do just about anything to “disrupt” and investigate terrorist plots and propaganda, both online and offline.

“We protest against the systemic invasion of privacy by government and corperate [sic] entities around the world,” the announcement reads. “We stand ardent in our defiance to all those who would take away our rights and freedoms.”

A full list of targets, posted shortly before the #AntiCanadaDay attacks began, lists the websites of Liberal party leader Justin Trudeau, Minister of Justice Peter McKay, the Canadian Security Intelligence Service (CSIS), and the Canadian Senate as “main targets.” A host of other lobbyist groups and senators who voted in favour of Bill C-51 are listed as targets too.

“All Canadian government web assests [sic] are fair game,” read the statement. “Lazors free on all federal, provincial and municpal [sic] services.”

Shortly after noon, accounts on Twitter associated with the campaign reported that multiple government of Canada websites had been taken offline. When Motherboard attempted to access sites such as Canada.ca and sencanada.ca, for example, pages either loaded slowly, displayed an error, or did not load at all.

“Remember hold nothing down for protracted lengths,” said an operation admin in the group’s chat room. “This is after all just a protest.”

In a separate chat room interview, members told VICE News reporter Hilary Beaumont that eight people belong to the core #OpCyberPrivacy team. “We all expect blowback for today,” wrote one of the users, but said that it was worth the risk.

“This bill violates the charter of rights and freedoms, universal declaration of human rights,” a user said, citing the threat of more invasive spying offline, and the potential to be arrested without a warrant and held without charge.

“They make the rules up as they go,” wrote another member. “So if I’m a perfectly law abiding citizen who is impacted greatly by something and I protest I can be arrested [because] criticizing that is terrorism.”

By early afternoon, focus had shifted to sites such as the Canadian parliament domain parl.gc.ca, and Conservative party Prime Minister Stephen Harper’s domain pm.gc.ca. The admin said the government was “putting up a good fight.”

“They are adding load balancers, moving servers, closing off access,” wrote another user. “Some of the pages up [at the moment] are only cached versions.”

The protest is expected to continue until midnight.

Source: http://motherboard.vice.com/read/anonymous-is-celebrating-canada-day-in-protest-with-attacks-on-government-sites?utm_source=mbtwitter


DDoS Attacks Have Graduated to Extortion

There are things in this world that are far less enjoyable than having your website knocked offline, to be certain. That being said, it can have a massive impact on your day or that of a company trying to make a living by selling their wares online.

I remember early on one of the first large scale distributed denial of service (DDoS) attacks to launch was aimed at the White House. This was an attack that was expected at the time to be a withering assault that could reduce the White House website to a pile of molten “cyber” in the guise of what was dubbed a “virtual sit-in”. This took place in May 1998. There was concern at the time since this was not something that people had really given a lot of thought to at the time. But in the end, the web server had its IP address changed. It was that simple. The attackers had planned to attack not the domain name but the IP address that was associated with the site. Simple presto change-o and the problem was fixed.

These days it isn’t that simple to avoid becoming the victim of a distributed denial of service attack. There are different kinds of DDoS attacks that can victimize a website. The vast majority of DDoS attacks are designed to overwhelm a site at the infrastructure level. The idea is to render the website and its resources unusable to the customers and the company or organization that runs the site. This is the cyber security equivalent of having a bully sit on your chest and say “stop hitting yourself, stop hitting yourself”.

These types of attacks invariably lead to bragging on the part of the instigators. There seems to be an innate inability on the part of these attackers to keep their mouths shut. They seem to be incapable of just launching the attacks and want to be given recognition for their endeavors. This frequently leads to them getting some press cycles and then a visit from the local constabulary. Assuredly not their desired outcome.

This sort of media whoring plays well with much of the press as it provides a morbidly curious public with some level of insight into the instigators. When you drive by an accident on the side of the highway most of us will slow down to look. It is human nature. So too is our apparent fascination with these attackers.

What once began as an attacker defacing a website later graduated to launching DDoS attacks. Now, those very attackers have demonstrated that they are no longer satisfied with press exposure. Now we see evidence of attacks being launched for money. Case in point is a crew that have been dubbed DD4BC for their pattern of launching attacks in a bid to collect bitcoin. We first saw them in 2014 when they ran trial run attacks against various websites. The curious point at the time was that they demanded a paltry sum from their victims. They were kicking the tires on their new machine.

How this type of extortion attack would work is that they would launch a small burst of traffic against an intended victim and email them to ask them to look at their logs. This was a step to demonstrate that they were serious. The proverbial “look at my gun” approach that has worked for bank robbers for decades. The DD4BC crew would demand money and in the event the website operators failed to cave in to their demands they would launch their attack. As time progressed the cost to stop the attack would rise.

I sincerely hope that no one has in fact paid the ransom that they demanded. This would only encourage them to launch more attacks. Also, for any site that would pay their demands this would provide them no guarantees that the attackers wouldn’t return to demand more money.

Attackers have evolved with the times and so too should website operators. The need to have a web site that is designed to fail is clear. If you come under attack today, how will you scale? How will you defend your website? Telling them to go away or you will taunt them again simply won’t suffice.
Source: http://www.huffingtonpost.com/dave-lewis2/ddos-attacks-have-graduat_b_7639516.html


Polish plane IT attack? Apparently not, just a simple DDoS

Turns out, it wasn’t that big of a deal after all

The Register has discovered that the unspecified IT attack which left 1,400 passengers of LOT Polish Airlines stranded in Warsaw was a simple DDoS issue, which had so impeded the airline’s connection that it could not produce its flight plans in time for takeoffs.…


US the world’s botnet mothership says Level 3

Not the way you want to lead the world

Level 3 Communications says America is home to more botnet command and control servers, edging out the Ukraine, with Russia only managing third place.…
