Many security professionals have heard about Command & Control botnets, even more have been infected by them. Very few have had the opportunity to actually look inside the server control panel of a C&…
Continue reading here:
Video: DIY Command & Control for fun and no profit
Not everyone despaired over the Distributed Denial of Service (DDoS) attacks that hit some of the Web’s biggest e-commerce sites in February. Security consultants and developers of security tools seized the opportunity to spotlight their solutions. Simple DoS attacks are not new. During one, a hacker floods a system with packets of useless requests, making the system so busy it denies access to legitimate users. What’s new are the hacker tools that enable DDoS attacks, in which a hacker uses dozens or hundreds of machines to worsen the attack. The hacker uses client software on one PC to install ‘zombie’ or ‘back door’ programs on other servers, which then flood a target system with useless packets. Zombie programs, including TFN (Tribal Flood Network), Trin00, TFN2K (Tribal Flood Network 2K) and Stacheldraht (Barbed Wire), arrived last fall destined for Solaris, Linux and Windows NT servers. Until recently, most security packages designed to thwart such attacks were aimed at the Unix environment. Now, however, hundreds of programs are being designed for Windows NT, ranging from Internet Security Systems’ (ISS) award-winning SAFEsuite software to BindView Corp.’s free and downloadable Zombie Zapper. Some programs scan the addresses of outgoing messages, intercepting wayward messages before they swamp a potential victim. Others allow administrators to block fake messages from entering a system, or stop the echo functions that help create the constant data flood in a DoS attack. While the programs for NT are good news, the task of evaluating them can easily overwhelm an IS staff, according to Aberdeen Group, a consultancy in Boston. Adding pressure are unresolved issues of liability when one’s computers have been compromised because of lax security. To organize efforts and provide a modicum of legal defense, leading security practitioners suggest these guidelines: Perform a security audit or risk assessment of critical systems using system- and network-based vulnerability tools. Identify and empower an Incident Response Team. Establish an Emergency Response and Escalation Plan. Install Intrusion Detection and Response systems. Examine legal liability exposure. If systems are under attack: Alert your Incident Response Team. Contact your ISP; often, hosts can shut down your access line, stopping the attack. Notify CERT/CC. Notify law enforcement authorities at the FBI and the National Infrastructure Protection Center (NIPC). Monitor systems during the attack using network and host-based intrusion detection systems. Enable detailed firewall logging. Collect forensics to prosecute hackers later. Source: http://networksasia.net/article/preparing-ddos-attacks-960134400
Read the article:
Preparing for DDoS attacks
Wouldn’t have happened if you’d just used SVN, eh! Popular source-code warehouse GitHub was back online today after weathering a huge denial-of-service attack throughout the week.…
Read More:
GitHub wipes hand across bloodied face, stumbles from brutal DDoS beating
WordPress installations sporting known vulnerabilities continue to be compromised by hackers and turned into distributed denial of service (DDoS) launch pads. That warning was sounded last week after IT professional Steven Veldkamp shared an intrusion prevention system (IPS) log with Hacker News , which found that a single 26-second DDoS attack against a site run by Veldkamp was launched from 569 different WordPress blogs. Those blogs appear to have been compromised by attackers, since they comprised everything from a “mercury science and policy” blog at the Massachusetts Institute of Technology (which as of press time remained offline) and a National Endowment for the Arts blog to WordPress sites run by Pennsylvania State University and Stevens Institute of Technology. “The key aspect to note here is the number of compromised WordPress servers,” said Stephen Gates, chief security evangelist at DDoS defense firm Corero Network Security, via email. “It’s a simple mathematical equation — attackers are looking to infect servers sitting in hosting environments with each server easily capable of generating 1 Gbps of attack traffic. It is quite easy to generate extremely high volumes and varieties of attack traffic by compromising just a few WordPress servers.” Once WordPress servers get compromised, attackers can use them for a variety of purposes, such as attacking U.S. financial institutions. “From volumetric attacks that melt down firewalls to the ‘low and slow attacks’ that sneak through firewalls undetected — the list is really endless,” Gates said. WordPress blogs, of course, are easy to provision and host. But that ease of installation — and use — means that such software is often run outside the purview of IT provisioning and oversight. Furthermore, many WordPress administrators fail to keep their software updated or follow security best practices, such as choosing unique usernames and strong passwords for WordPress admin accounts. As a result, numerous WordPress sites sporting known vulnerabilities — or “admin” as the admin account name — remain sitting ducks for automated attacks. Indeed, malware is often used to automatically find and exploit vulnerable WordPress installations. In August, Matthew Bing, an Arbor Security Engineering & Response Team (ASERT) research analyst, noted that the Fort Disco malware — first discovered in April 2013 — was being used to target known vulnerabilities in content management systems, backed by six command-and-control servers that were running a botnet comprised of more than 25,000 Windows PCs. “To date, over 6,000 Joomla, WordPress and Datalife Engine installations have been the victims of password guessing,” he said in a blog post. How widespread is the problem of exploitable WordPress software? According to a study conducted by EnableSecurity CEO Sandro Gauci, the list of the one million most trafficked websites — per the Alexa index — includes 40,000 WordPress sites. But 70% of those sites are running a version of WordPress with known vulnerabilities. Those statistics were relayed last week by WordPress security expert Robert Abela, who studied data that EnableSecurity’s Gauci compiled over a four-day period in the middle of September, immediately following the September 11 release of WordPress 3.6.1, which remains the latest version. In a blog post, Abela reported that of the 42,106 WordPress sites from the Alexa index identified, 19% had already been updated to the new version, while 31% of sites were still running the previous version (3.6). But the remaining 51% of cataloged WordPress sites ran one of 72 other versions, with 2% of all cataloged sites still running version 2.x, which dates from 2007 and earlier. Needless to say, many historical WordPress updates have included patches for exploitable vulnerabilities. For example, the latest version of WordPress — 3.6.1 — patched a known vulnerability in version 3.6 that would have allowed an attacker to remotely execute code. Previous versions of WordPress have also sported a number of known bugs, including version 3.5.1 (8 vulnerabilities), 3.4.2 (12 vulnerabilities) and 3.3.1 (24 vulnerabilities). All of this adds up to numerous WordPress sites that can be relatively easily hacked, based on a review of the top 10 most-seen versions of WordPress seen among the more than 40,000 counted by Gauci. “At least 30,823 WordPress websites out of 42,106 are vulnerable to exploitable vulnerabilities,” said Abela. “This means that 73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools. Considering the number of vulnerable WordPress installations out there, and the popularity of such websites, we are still surprised … most of them haven’t been hacked yet.” Source: http://www.informationweek.com/security/attacks/wordpress-site-hacks-continue/240162060
Read More:
WordPress Site Hacks Continue
An analyst has confirmed that several, unnamed financial institutions have suffered losses in the “millions” owing to distributed denial-of-service (DDoS) attacks. According to Avivah Litan , VP and distinguished analyst at research firm Gartner , three U.S. banks were hit by short-lived DDoS attacks in recent months after fraudsters targeted a wire payment switch, a central wire system at banks, to transfer funds. » A phishing attack enabled hackers to modify the DNS records for several domains of media sites, including those run by The New York Times , Twitter and the Huffington Post U.K. Investigations revealed that the companies were not even the ones targeted by the attackers, who claimed to be the Syrian Electronic Army , a band of pro-Assad hacktivists responsible for a number of IT takedowns in recent months. In order to commandeer the major media sites, intruders compromised a reseller account that had access to the IT systems of Melbourne IT , an Australian registrar, and targeted an employee using an emailed spear phishing ruse. » The PCI Security Standards Council gave merchants a first look at changes to its credit card data and payment application security guidelines that could be introduced later this year. In mid-August, the council released the “3.0 Change Highlights” document, a preview to the updated PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS), which are set to be published Nov. 7. Expected changes in version 3.0 include a new requirement that merchants draw up a current diagram showing how cardholder data flows through organizations’ systems, and added guidance on protecting point-of-sale (POS) terminals from attacks, as well as educational explanations of why the 12 core security requirements have been included in the standard. » Saboteurs have introduced a rare breed of banking trojan capable of infecting Linux users. The malware, called Hand of Thief, is being sold on Russian underground forums and will soon offer a “full-blown” suite of malicious features, making it comparable to other major, commercially available financial malware, RSA researchers discovered. Hand of Thief’s price tag could reach $3,000 once criminals add a suite of web injections to its existing form grabber and backdoor infection vectors. » Around 14,000 former and present employees at the U.S. Department of Energy (DOE) had their personally identifiable information (PII) accessed by an unauthorized party who gained access to the agency’s network. The breach, which may have happened in late July, did not impact classified data, the DOE revealed. But, the incident could mean that sensitive data linkable to an individual was exposed. » In late August, the National Institute of Standards and Technology (NIST) released a preliminary draft framework in support of President Obama ‘s executive order, “Improving Critical Infrastructure Cybersecurity.” Earlier in August, NIST also released revisions to two of its security-related manuals, the first amendments since NIST released them in 2005, reflecting evolving malware threats and the trend of organizations using automated patch management. » Errata : Our apologies to Steve Lee , who we quoted in an insider threats story in August, for erroneously placing the office of his company, Steve Lee and Associates, in Texas, rather than Los Angeles. Source: http://www.scmagazine.com/news-briefs-the-latest-on-major-ddos-and-phishing-attacks-and-more/article/311635/
See more here:
The latest on major DDoS and phishing attacks, and more
In a race against time and ZeroAccess developers and botmasters, Symantec researchers managed to sinkhole a large chunk of the infamous P2P-based botnet before its herders managed to update the bots a…
View article:
Researchers sinkhole half a million ZeroAccess bots
Pied piper Symantec says it led infected computers into sinkhole Symantec has claimed credit for luring a significant lump of the powerful ZeroAccess botnet into a sinkhole.…
Read the article:
‘Quarter’ of TWO-MILLION-strong zombie PC army lured to their deaths
In March 2013, a distributed denial of service (DDoS) attack of unprecedented ferocity was launched against the servers of Spamhaus, an international non-profit dedicated to battling spam. A DDoS is an attack wherein the servers of a targeted online service are slowed to a crawl with loads of pointless email or file uploads that clog up their processing ability. The March Spamhaus attack peaked at 300 gigabits per second, Spamhaus CEO Steve Linford told the BBC at the time – the largest ever recorded, with enough force to cause worldwide disruption of the internet. In April, one suspect was arrested in Spain. Now, it’s come to light, another suspect was also secretly arrested in April – this one being a London schoolboy. The 16-year-old was arrested as part of an international dragnet against a suspected organised crime gang, reports the London Evening Standard. Detectives from the National Cyber Crime Unit detained the unnamed teenager at his home in southwest London. The newspaper quotes a briefing document on the British investigation, codenamed Operation Rashlike, about the arrest: The suspect was found with his computer systems open and logged on to various virtual systems and forums. The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies. Officers seized his computers and mobile devices. The boy’s arrest, by detectives from the National Cyber Crime Unit, followed an international police operation against those suspected of carrying out the massive cyber attack, which slowed down the internet worldwide. The briefing document says that the DDoS affected services that included the London Internet Exchange. The boy has been released on bail until later this year, the London Evening Standard reports. The arrest follows close on the heels of two other London-based arrests resulting from international cyber-policing: Last week’s arrest of eight men in connection with a £1.3 million ($2.08 million) bank heist carried out with a remote-control device they had the brass to plug into a Barclays branch computer, and The arrest of 12 men in connection with a scheme to boobytrap computers at Santander, one of the UK’s largest banks, by rigging the same type of remote-control device found in Barclays – devices that enable remote bank robbery. Truly, the UK isn’t fooling around when it comes to cybercrime – a fact it’s making clear with the robust work of the National Cyber Crime Unit, which itself will soon be rolled into the even more cybercrime-comprehensive arms of the National Crime Agency. The National Crime Agency, due to launch 7 October, is going to comprise a number of distinct divisions: Organised Crime, Border Policing, Economic Crime, and the Child Exploitation and Online Protection Centre, on top of also housing the National Cyber Crime Unit. If the recent arrests are any indication, it would seem that the UK’s on the right track with cyber crime. May cyber crooks, both the seasoned and the schoolboys, take heed. Source: http://nakedsecurity.sophos.com/2013/09/27/schoolboy-arrested-over-spamhaus-ddos-worlds-biggest-cyber-attack/
See the article here:
Schoolboy arrested over Spamhaus DDoS, world’s biggest cyber attack
A distributed denial-of-service (DDoS) attack occurs every two minutes, and the number of victims that suffered from more than one attack has risen substantially, according to a new report released by security firm NSFOCUS in SecurityWeek. These attacks are not just high profile any longer, and that is a wake-up call to midsize firms, which are a key target for hackers for many reasons. DDoS Too Often NSFOCUS’s research found that 1.29 DDoS attacks strike somewhere online every two minutes. More than 90 percent of the attacks last less than half an hour. NSFOCUS ascertained that attacks generally remained short and did not go past the rate of 50 Mbps. The number of victims suffering more than one DDoS attack went up 30 percent in just a year, rising to 70 percent. Victims who suffered from only one attack went down from 51 percent last year to 31 percent this year. Interestingly, the study found that hacktivism was the key driver behind more than 91 percent of attacks. Also, online gaming communities and financial services are often targets. What Fuels It The survey also found that a lack of sufficient security, including poor passwords, has fueled the success of DDoS attacks. IT professionals at midsize firms have DDoS attacks on their radar screens since reports in the past few years have shown that the attacks are not just for high-profile purposes. Easily executed attacks that can do the most damage are ideal for today’s cybercriminals; that means midsize firms are at risk. Midsize firms are constantly concerned about having sufficient resources, personnel, money and time to remain competitive, so security must be a top priority for IT professionals, and those who work with third-party data centers should inquire what kind of DDoS protection is provided. Those that manage their own data centers must take the right precautions against botnets and application-layer DDoS attacks on the premises of the network. Also, by working with trusted and experienced security vendors, midsize firms can bring their own security to the next level. When all is said and done, firewalls no longer provide enough protection. A Worthy Investment Distributed denial-of-service attacks are growing, and midsize companies are falling victim. Cybercriminals know that they can successfully hit a lot of growing firms at once and make easy money. They know that some midsize firms do not take security seriously because it might be too costly or time-consuming to consider. In the end, the unprepared midsize firm loses resources, time and money to the costly consequences of a DDoS attack. IT professionals must prioritize security to maintain their company’s competitive edge. Source: http://midsizeinsider.com/en-us/article/distributed-denial-of-service-attacks-an
Originally posted here:
Distributed Denial-of-Service Attacks and Midsize Firms
When, in late August, China's Domain Name Service was targeted by a huge DDoS attack which ultimately lead to many websites being completely inaccessible for a period of time, the questions everybody …
View post:
Amateur hacker behind DDoS attack on China?