Arbor Networks released global DDoS attack data derived from its ATLAS threat monitoring infrastructure. The data shows an unparalleled number of volumetric attacks in the first half of 2014 with over…
Read More:
100+ DDoS events over 100GB/sec reported this year
The Justice Department filed a status report with the United States District Court for the Western District of Pennsylvania updating the court on the progress in disrupting the Gameover Zeus botnet an…
Original post:
DoJ provides update on Gameover Zeus and Cryptolocker disruption
On Thursday, the Norwegian police have arrested and charged a 17-year-old in connection to the recent massive distributed denial-of-service (DDoS) attacks directed at major financial institutions and other businesses in the country. The teen, from the city of Bergen, on Norway’s west coast, claimed to be part of the hacktivist group Anonymous Norway, who, in a Twitter message, dismissed any connection to him or the DDoS incidents. On the day of the attack, the teenager sent a letter to the media, claiming to be part of Anonymous and saying that “the motivation behind the current attacks and the next attacks in the future is to get the community to wake up. The number of major IT security attacks is increasing and there is nothing being done to prevent such events.” Evidence that Anonymous Norway was not involved in the incidents is the fact that the boy joined the group’s Facebook page on the same day of the attack. Furthermore, the hacker outfit provided a Pastebin link in a new tweet, pointing to the identity of the perpetrator; they did not create the post, just scooped it up. Initially, the youngster was charged with gross vandalism, which carries a maximum prison sentence of six years in Norway. However, since he has no record and is still a minor, this should be greatly reduced. According to News in English, Frode Karlsen of the Bergen police told Norwegian Broadcasting that the authorities are taking the matter seriously because this sort of attack can have significant impacts on society, like individuals not being able to reach emergency services in case they needed help. After his arrest, the teen cooperated in the investigation and clarified the nature of his actions. His defense lawyer stated that “he’s sorry for having caused all this and has laid his cards on the table.” The DDoS attack, which occurred on Tuesday, was considered among the largest ever seen in Norway and leveraged the vulnerable “pingback” WordPress feature. Its increased significance is due to the fact that it targeted layers three (network) and four (transport) of the OSI model, as well as layer seven (application), at the same time. Mitigating an application layer DDoS attack is not too easy, because the requests are directed at the application interface and mimic legitimate behavior, which makes filtering out the bad traffic more difficult. The attack aimed at disrupting the online services of major financial institutions in Norway (Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank), as well as other business, like Scandinavian Airlines (SAS) and Norwegian Air. The website of the largest telecommunications company in Norway, Telenor, was also affected. Source: http://news.softpedia.com/news/17-Year-Old-Behind-Norway-DDoS-Attacks-this-Week-450391.shtml
Read the article:
17-Year-Old Behind Norway DDoS Attacks This Week
Norway’s top financial institutions have been hit in what appears to be a coordinated cyber-attack, the biggest-ever the country has experienced. Anonymous Norway may be responsible for the operation. The Tuesday attack targeted at least eight top Norway companies, including central Norges Bank, Sparebank 1, Danske Bank and insurance companies Storebrand and Gjensidige. Three Norwegian airlines and a big telecommunication company may also have been affected by the same attack. The malicious bombardment with requests caused traffic problems for their website and disrupted access throughout the day. This affected the banks’ online payment services as well. “The scale is not the largest we have seen, but it is the first time it has hit so many central players in the finance sector in Norway,” said the head of Evry’s security team, Sverre Olesen in an interview with Dagens Næringsliv business newspaper. Evry provides services to many of the affected companies and was busy dealing with the emergency. The company said the attackers used a vulnerability in the blogging platform WordPress and other venues to hit the websites. They didn’t appear to try to hack into the targets’ networks and try to steal any personal information, it added. The source of the attack was abroad, Evry said. Norway’s National Security Authority (Nasjonal sikkerhetsmyndighet, NSM) said it was investigating the attack, but could not identify the perpetrators yet. The newspaper said it received an email signed by Anonymous Norway claiming responsibility for the DDoS attack on the banks. The email came before the news about it broke. But a tweet on the Anonymous Norway Twitter account denied the hacktivist group’s involvement, saying they were “laughing at those who think we are behind the attacks.” Source: http://rt.com/news/171724-norway-banks-anonymous-ddos/
Read the original post:
Norway banks hit in largest-ever DDoS attack, Anonymous ‘takes credit’
RAM scrapers foisted on 60 terminals A botnet has compromised 60 point of sale (PoS) terminals by brute-force password attacks against poorly-secured connections, FireEye researchers say.…
See more here:
Brute-force bot busts shonky PoS passwords
As noose tightens, VXer pleades: ‘Stop breaking my ballz’ Facebook has taken down a Greek botnet that at its peak compromised 50,000 accounts and infected 250,000 computers to mine crypto-currencies, steal email and banking details and pump out spam.…
See more here:
Facebook scuttles 250k-strong crypto-currency botnet
Distributed Denial of Service (DDoS) attacks are quickly becoming the preferred method for cyber attackers to wreak havoc on the internet. With a recent spate of attention grabbing headlines focused o…
Continue reading here:
Dispelling the myths behind DDoS attacks
Hacktivist for Operation Hacking Cup #OpHackingCup took down the Brazil World Cup site and have targeted hundreds of other sites. This was not the first time a major event has been targeted nor will it be the last. Hacktivist have been actively leveraging Distribute Denial of Service (DDoS) attacks as a way to successfully highlight and protest against political, economic or ideological conflicts for quite some time. It has become so mainstream there was even a petition to the Obama administration to make DDoS legal. The FFIEC recently issued guidance to financial institutions with a quick guide on mitigation techniques. Techniques used by cybercriminals to conduct attacks have become increasingly sophisticated – from single point denial of service attacks on networks to distributed denial of service beyond focusing just on Layer 7. In fact, DDoS has become so commercial that we’ve seen DDoS for hire underground offerings for as low as $7 per hour with free one hour try before you buy option. Couple this with a recent Ponemon report which highlighted that one hour of downtime for a merchant would equate to an average loss of $500,000 – what an amazing ROI for cybercriminals considering for the same amount of money I spend on coffee a day they can impact an organization’s bottom line by over $500,000! Traditional DDoS attacks focused on things like UDP Flood, Syn Flood and ICMP Flood targeting network resource exhaustion . Modern day DDoS attacks such as Op Ababil, target the HTTP layer and above. In recent DDoS attacks, reflection and amplification have been the weakness of choice such as the Network Time Protocol (NTP) attacks this past February or the DNS lookup attacks late last year. Cybercriminals continue to develop even more sophisticated botnets which can remain active longer before being discovered and they are hosting a botnet’s command-and-control center in a Tor-based network (where each node adds a layer of encryption as traffic passes) obfuscates the server’s location and makes it much harder to take it down. Additionally, cybercriminals are building more resilient peer-to-peer botnets, populated by bots that talk to each other, with no central control point. If one bot (or peer) in a peer-to-peer botnet goes down, another will take over, extending the life of the botnet using business continuity techniques. This is exactly what we saw with the recent GameOver Zeus and CryptoLocker botnet disruption. These types of attacks make requests that are perceived to be legitimate; like attempting logins, performing search or downloading large files repeatedly which can easily bypass standard DDoS defenses such as firewalls, Intrusion Prevention Systems (IPS) and Web Application Firewalls (WAF). Additionally, modern day DDoS attacks are starting to abuse a business logic flaws rather than network resources on a more frequent basis as few organizations are focused on that aspect of their site for security detection. This is why it is becoming more critical to determine whether a request is legitimate or not and without understanding business logic used for processing the request this is incredibly challenging. In addition to what you are already doing today, you should consider focusing on the detection of business logic abuse by analyzing the behavior of users. You can achieve this by tracking every user/IP including pages accessed, the order of accesses, how quickly they moved between pages and other web paths taken by the same IP address. Further, if you analyze all web traffic it makes it possible to identify users or IP addresses displaying similar behavior. Users can then be clustered based on behavior enabling your administrators to find all endpoints involved in the attack. If this analysis happens in real-time you can identify more attackers as attacks happen. Take a look at what we saw with one of our Web Threat Detection customers. In a world where we will always have political, economic or ideological conflicts – and major sporting event, we should assume there will always be some type of cyber attack in parallel. What is your game plan to defeat your competition? Source: https://blogs.rsa.com/world-cup-ddos-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=world-cup-ddos-attacks
Read this article:
The World Cup of DDoS Attacks
Accused will tap the boards before the beak today An unnamed London teenager has been charged with a series of criminal offences following a series of denial-of-service attacks against internet exchanges and the Spamhaus anti-spam service last year.…
See the original article here:
London teen charged over Spamhaus mega-DDoS attacks
What viruses reveal about people’s dependence on machines
View original post here:
Battling the Botnets