Category Archives: DDoS News

Reddit was downed by record DDoS attack, motive is unknown

In order to relieve the curiosity of the huge Reddit community, systems administrator Jason Harvey has shared some details about the DDoS attack that recently hit the popular social news site and cau…

This is what a DDoS attack looks like

By now, almost everyone has at least heard or seen the term DDoS. Unless you’re fairly geeky, however, you might not know what a distributed denial-of-service attack is or how one works. Even if you are a dyed-in-the-wool geek, chances are you don’t know what a DDoS attack looks like. Thanks to the security staff at VideoLan, developers of the highly popular VLC media player, you can now catch a glimpse. This is what it’s like to be on the receiving end:

According to VideoLan’s Ludovic Fauvet, the servers at get.videolan.org have been dealing with around 400 requests every second. A pattern was quickly identified in the attacks, however, which allowed Fauvet and his teammates to cut the bad guys off at the pass. By singling out a common user agent, they’ve been able to tweak Nginx to leave those connections lingering in limbo. Right now, the DDoS requests aren’t accomplishing anything more than generating HTTP 403 errors.

Prior to fortifying their defenses, the VideoLan crew was seeing around 200 downloads of VLC every second — which totalled nearly 30Gbps. Here’s a quick comparison: the massive DDoS that took down Wikipedia was pushing about 10 gigabits every second.

So who’s behind the attack on VideoLan and what’s the motivation? That’s not known just yet, but thankfully the team in France should be able to plug away in the interim. They won’t let something like a DDoS stand in the way of delivering that fancy, new Windows 8 app to their backers.

Source: http://www.geek.com/news/vulnerability-in-ruby-on-rails-could-bring-200000-sites-down-1535400/
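
The user-agent fingerprinting the VideoLan team relied on is easy to reproduce on your own access logs. The following is an added example, not VideoLan's code or configuration: it parses constructed nginx combined-format lines, flags any user agent that exceeds an assumed per-second threshold, and renders the nginx rule that answers that agent with the HTTP 403 the article mentions. The log lines, the threshold and the helper names are assumptions.

```python
"""Find the user agent behind a request flood in an nginx access log.

Added example (not VideoLan's code or config). Sample lines, threshold and
function names are assumptions; the log format is nginx's 'combined' format.
"""
import re
from collections import Counter, defaultdict

# nginx 'combined' format; the user agent is the final quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def flood_user_agents(lines, per_second_threshold=50):
    """Map each user agent to its peak requests-per-second, keeping only agents
    whose peak exceeds the threshold in at least one one-second bucket."""
    per_ua = defaultdict(Counter)          # ua -> Counter(second -> hits)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                       # unparseable line: skip, do not crash
        second = rec["ts"].split(" ")[0]   # '29/Apr/2013:10:00:01', zone dropped
        per_ua[rec["ua"]][second] += 1
    return {ua: max(c.values()) for ua, c in per_ua.items()
            if max(c.values()) > per_second_threshold}

def nginx_block_rule(user_agent):
    """nginx server-block snippet that answers the flagged agent with HTTP 403,
    the outcome the article describes. Assumes the agent contains no '"'."""
    return 'if ($http_user_agent = "%s") {\n    return 403;\n}' % user_agent

# Constructed sample: 60 hits in one second from a single agent, plus two
# ordinary downloads from a different client.
FLOOD_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
SAMPLE_LINES = [
    '203.0.113.%d - - [29/Apr/2013:10:00:01 +0000] "GET /vlc/ HTTP/1.1" '
    '200 512 "-" "%s"' % (i % 50, FLOOD_UA) for i in range(60)
] + [
    '198.51.100.7 - - [29/Apr/2013:10:00:01 +0000] "GET /vlc/ HTTP/1.1" '
    '200 512 "-" "curl/7.29.0"',
    '198.51.100.8 - - [29/Apr/2013:10:00:02 +0000] "GET /vlc/ HTTP/1.1" '
    '200 512 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for ua, peak in flood_user_agents(SAMPLE_LINES).items():
        print("flood agent at %d req/s:" % peak, ua)
        print(nginx_block_rule(ua))
```

Blocking on a user agent only works while the flood keeps using one; the detector has to keep running after the rule is in place.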

DDoS Attack Bandwidth Jumps 718%

Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China.

The average bandwidth seen in distributed denial-of-service (DDoS) attacks has recently increased by a factor of seven, jumping from 6 Gbps to 48 Gbps. Furthermore, 10% of DDoS attacks now exceed 60 Gbps. Those findings come from a new report released Wednesday by DDoS mitigation service provider Prolexic Technologies, which saw across-the-board increases in DDoS attack metrics involving the company’s customers.

“Average packet-per-second rate and average bit rate spiked in the first quarter and both are growing at a fast clip,” said Prolexic president Stuart Scholly in a statement. “When you have average — not peak — rates in excess of 45 Gbps and 30 million packets per second, even the largest enterprises, carriers and, quite frankly, most mitigation providers, are going to face significant challenges.”

In the first three months of 2013, 77% of DDoS attacks targeted bandwidth capacity and routing infrastructure, while 23% were application-level attacks that didn’t overwhelm targeted networks through packet quantity, but rather by disrupting critical applications or processes running on a server. The report also found that between the fourth quarter of 2012 and the first quarter of 2013, the total number of attacks increased marginally — by only 2% — while attack duration increased by 7%, from 32.2 hours to 34.5 hours.

The greatest number of DDoS attacks continue to be launched from China, although the volume of such attacks has recently declined. While 55% of all attacks came from China at the end of last year, by March 2013 that had dropped to 41%, followed by the United States (22%), Germany (11%), Iran (6%) and India (5%). The source of attacks doesn’t mean that a country’s government or even criminal gangs are directly responsible for launching DDoS campaigns.

For example, the Operation Ababil bank disruption campaign being run by al-Qassam Cyber Fighters relies in part on hacking into vulnerable WordPress servers and installing such DDoS toolkits as “itsoknoproblembro” — aka Brobot. Attackers then use command-and-control servers to issue attack instructions to the toolkits, thus transforming legitimate websites into DDoS launch platforms. Given that situation, it’s no surprise that China, the United States and Germany — which all sport a relatively large Internet infrastructure — are also tops for DDoS attack origin. But Prolexic’s report said it’s odd that Iran, which has a very small Internet architecture by comparison, should be the source of so many attacks. “This is very interesting because Iran enforces strict browsing policies similar to Cuba and North Korea,” according to Prolexic’s report.

As DDoS attack sizes increase, so do fears of an Armageddon scenario, in which the attack not only disrupts a targeted site, but every site or service provider in between. According to Prolexic’s report, the largest single attack it’s mitigated to date occurred in March, when an “enterprise customer” was hit with an attack that peaked at 130 Gbps. While that wasn’t equal to the 300 Gbps attack experienced by Spamhaus, it still represents well more than most businesses can handle, unless they work with their service provider or third parties to build a better DDoS mitigation defense.

On that front, some businesses tap dedicated DDoS mitigation services from the likes of Arbor Networks, CloudFlare, Prolexic and Verisign. “There are a number of DDoS mitigation technologies out there, and we see organizations that are deploying the technologies in their own infrastructure and in their own environments,” as well as working with service providers, said Chris Novak, managing principal of the RISK Team at Verizon Enterprise Solutions, speaking recently by phone. “Like so many things in the security space, the layered approach is the most effective for most organizations,” he said.

Source: http://www.informationweek.com/security/attacks/ddos-attack-bandwidth-jumps-718/240153084

TDoS: The latest wave of Denial of Service attacks

Hackers have been able to weasel their way into computer networks from nearly every direction. From malware to ransomware, and everything in between, cyber crooks are always looking for new ways to st…

Anonymous launches massive cyber assault on Israel

Hacktivist group Anonymous has launched a second massive cyber attack against Israel, dubbed #OpIsrael. The collective threatens to “disrupt and erase Israel from cyberspace” in protest over its mistreatment of Palestinians. Dozens of Israeli websites were unavailable as of early Sunday.

In a video message posted on YouTube, Anonymous said that on April 7, “elite cyber-squadrons from around the world have decided to unite in solidarity with the Palestinian people against Israel as one entity to disrupt and erase Israel from cyberspace.” Addressing the Israeli government, the group stated: “You have NOT stopped your endless human right violations. You have NOT stopped illegal settlements. You have NOT respected the ceasefire. You have shown that you do NOT respect international law.”

Earlier on Saturday, an Anonymous affiliated group identifying itself as The N4m3le55 cr3w announced that they “have gathered 600 websites and 100 plus servers we will be attacking” throughout Israel. The list includes banks, schools, businesses and a host of prominent government websites. “That is just our targets,” the group warned. “We cannot speak on what the rest of Anonymous will be attacking but we can guarantee it will be in the 1000’s.”

The massive cyber attack falls on the eve of Holocaust Memorial Day. Anonymous has accused the Israeli government of mistreating its own citizens, violating treaties, attacking its neighbors, threatening to shut down the Internet in Gaza and ignoring “repeated warnings” about human rights abuses.

“The estimations are that [the cyber-attacks] will reach an unusual level that we have never seen before,” Deputy Information Security Officer Ofir Cohen said in an e-mail sent to Knesset employees on Thursday, The Jerusalem Post reported. Cohen added that the E-government – the Israeli government’s information security body – and the Knesset’s internet service provider (ISP) are working to block the attack.

On Wednesday, thousands of Israeli Facebook users were infected by a virus, although its effects at this point appear to be minimal. On Friday, Israeli radio reported that scores of large organizations had closed their websites to shield them from hacker attacks.

Despite the impending threat, Lior Tabansky, a fellow at the Yuval Ne’eman Workshop for Science, Technology, and Security of Tel Aviv University, told the Times of Israel that distributed denial of service (DDoS) attacks, which work by overwhelming targeted servers with traffic that stems from multiple systems, are the only tool at the hackers’ disposal. “Unless they have names and passwords, [DDoS] is really their only attack strategy. Unfortunately, there is little a company can do to stop it, but it is not the major cyber-threat many people, especially in the media, believe it to be. It’s more of an annoyance, and if they do manage to intimidate sites into submission, the victory will be one of public relations.” However, other experts have warned that the hackers may attempt to deploy malware such as “Trojan horses”, which can steal information and harm host computer systems.

Anonymous launched the first ‘OpIsrael’ cyber-attacks in November 2012 during Operation Pillar of Defense, an eight-day Israeli Defense Force (IDF) incursion into the Gaza Strip. Some 700 Israeli websites suffered repeated DDoS attacks, which targeted high-profile government systems such as the Foreign Ministry, the Bank of Jerusalem, the Israeli Defence Ministry, the IDF blog, and the Israeli President’s official website. The Israeli Finance Ministry reported an estimated 44 million unique attacks on government websites over a four-day period. Following ‘OpIsrael,’ Anonymous posted the online personal data of 5,000 Israeli officials, including names, ID numbers and personal emails. The group also took part in an attack in which the details of some 600,000 users of the popular Israeli email service Walla were released online.
Source: http://rt.com/news/opisrael-anonymous-final-warning-448/

Lessons Learned in Historic DDoS Attack on Spamhaus

What is the aftermath of the massive Distributed Denial of Service attacks recently on the anti-spam Spamhaus organization? As the largest such attack in history, the digital assault on Spamhaus slowed network performance in some regions of Europe and elsewhere, raised alarms about whether the Net could reach a breaking point, and has become a historic event that could mark a turning point.

According to reports in The New York Times and elsewhere, a key figure in the attacks appears to be Sven Olaf Kamphuis, who is associated with CyberBunker, the Dutch hosting facility where the attacks originated. After the Europe-based Spamhaus put CyberBunker on its spam blacklist, because of what Spamhaus said were substantial streams of spam e-mails coming from that hosting facility, the DDoS attacks began. Kamphuis maintains a Facebook page, in which he champions hosting services such as CyberBunker for providing open Net access, and he rails against Spamhaus for acting like an arbitrary authority.

Like ‘The Mafia’

CyberBunker has said it will allow customers to host anything except “child porn and anything related to terrorism.” Spamhaus is backed by a variety of e-mail services, and experts have testified in court that many e-mail services would be rendered useless by the flood of spam if not for the organization’s efforts. But this massive wave of DDoS attacks — in which Web servers are overwhelmed by a flood of bogus traffic — broke some boundaries, according to Garth Bruen, an adviser to the consumer-oriented Digital Citizens Alliance. Bruen told USA Today that the attacks from CyberBunker were like “the kind of things we saw the mafia do to take control of neighborhoods 50 years ago.” He added that what was particularly “troubling” is that CyberBunker is a commercial ISP “working with shadowy figures in undisclosed locations.”

Open DNS Resolvers

The attacks have highlighted some ongoing weaknesses in the Internet’s infrastructure. Key among these are open Domain Name System resolvers, which allow attackers to engage in so-called DNS amplification. One of the weaknesses of open resolvers is that they do not authenticate a sender’s address before replying. This vulnerability, which was exploited to the fullest in the attacks on Spamhaus, answers incoming requests to a DNS server with as much as 100 times as much data. When the attackers have faked the source address for those incoming requests, the responses can overwhelm the victims’ servers — and possibly spill over and clog other parts of the Net. DNS servers are critical to the Internet as they translate alphanumeric-based Web addresses like “www.google.com” into the numeric IP addresses that computers can understand. The Spamhaus attacks reportedly utilized more than 30,000 unique DNS resolvers.

There are efforts, such as the Open DNS Resolver Project, to convince DNS administrators to implement source address validation, among other actions, to eliminate open DNS resolvers as a Net-wide weakness. There are also calls for IT departments and individual PC owners to make a greater effort to scan their computers for signs of malware that could be hijacking their machines into becoming part of a botnet. Additionally, the Electronic Frontier Foundation and others have offered tips to small businesses on how to cope with DDoS attacks, if their sites become one of the direct or indirect targets.

Source: http://www.cio-today.com/story.xhtml?story_id=0020002HERPO&page=2
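
Two defensive checks that follow from the open-resolver discussion above, as an added example that is not from the article or the Open DNS Resolver Project: a BCP 38 style source-address validation filter (the measure the text asks administrators to implement, which stops a spoofed query from ever leaving the originating network) and a detector for inbound DNS responses that no local query solicited, which is what reflected traffic looks like at the victim. The prefixes, flow records and function names are constructed assumptions.

```python
"""Source-address validation and unsolicited-response detection for the DNS
reflection described above.

Added example, not from the article or the Open DNS Resolver Project. The
prefixes, flow records and function names are constructed assumptions.
"""
import ipaddress

def source_address_valid(src_ip, own_prefixes):
    """BCP 38 style egress check: a packet may leave the network only if its
    source address lies in one of the network's own prefixes. A query that
    carries the victim's (spoofed) address fails here and is never reflected."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(p) for p in own_prefixes)

def egress_filter(packets, own_prefixes):
    """Split outbound packets into (forwarded, dropped) by source validity."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if source_address_valid(pkt["src"], own_prefixes)
         else dropped).append(pkt)
    return forwarded, dropped

def amplification_factor(query_bytes, response_bytes):
    """Bytes the resolver emits per byte it receives; the article cites up to 100."""
    return response_bytes / query_bytes

def unsolicited_dns_responses(flows, window_seconds=5.0):
    """Inbound DNS responses (UDP source port 53) with no outbound query from
    the same local host/port to the same resolver inside the window. At a
    reflection victim almost every response is unsolicited."""
    pending = {}          # (local_ip, local_port, resolver_ip) -> time of query
    unsolicited = []
    for f in flows:
        if f["dir"] == "out" and f["dport"] == 53:
            pending[(f["src"], f["sport"], f["dst"])] = f["t"]
        elif f["dir"] == "in" and f["sport"] == 53:
            t_query = pending.get((f["dst"], f["dport"], f["src"]))
            if t_query is None or f["t"] - t_query > window_seconds:
                unsolicited.append(f)
    return unsolicited

# Constructed samples. Our network is 192.0.2.0/24; one outbound query carries
# a source address outside it (a spoofed victim), and two inbound responses
# arrive that nothing on 192.0.2.10 asked for.
OWN_PREFIXES = ["192.0.2.0/24"]
SAMPLE_EGRESS = [{"src": "192.0.2.10", "dst": "198.51.100.53"},
                 {"src": "198.51.100.200", "dst": "198.51.100.53"}]
SAMPLE_FLOWS = [
    {"t": 0.0, "dir": "out", "src": "192.0.2.10", "sport": 40001,
     "dst": "198.51.100.53", "dport": 53, "bytes": 64},
    {"t": 0.1, "dir": "in", "src": "198.51.100.53", "sport": 53,
     "dst": "192.0.2.10", "dport": 40001, "bytes": 180},
    {"t": 0.2, "dir": "in", "src": "203.0.113.5", "sport": 53,
     "dst": "192.0.2.10", "dport": 40002, "bytes": 3000},
    {"t": 0.3, "dir": "in", "src": "203.0.113.6", "sport": 53,
     "dst": "192.0.2.10", "dport": 40002, "bytes": 3000},
]
```

The egress check belongs at the network that originates queries, not at the victim; the victim can only detect and rate-limit the responses it never asked for.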

Hackers attacking US banks are well-funded, expert says

The Cyber fighters of Izz Ad-Din Al Qassam hacker group – also known as Qassam Cyber Fighters – are at it again. For the third time in the last half year or so, they have mounted DDoS attacks agai…

iMessage DDoS attacks foreshadow a bigger threat

Over the last couple of days, a group of iOS developers has been targeted with a series of rapid-fire texts sent over Apple’s iMessage system. The messages, likely transmitted via the OS X Messages app using a simple AppleScript, rapidly fill up the Messages app on iOS or the Mac with text, forcing a user to constantly clear both notifications and messages. In some instances, the messages can be so large that they completely lock up the Messages app on iOS, constituting a ‘denial of service’ (DoS) attack of sorts, even though in this case they appear to be a prank.

Obviously, if the messages are repeated in an annoyingly large volume but don’t actually crash the app, they’re still limiting the use you’ll get out of the service. But if a string that’s complex enough to crash the app is sent through, that’s a more serious issue.

The attacks hit at least a half-dozen iOS developer and hacker community members that we know of now, and appear to have originated with a Twitter account involved in selling UDIDs, provisioning profiles and more that facilitate the installation of pirated App Store apps, which are re-signed and distributed. The information about the source of the attacks was shared by one of the victims, iOS jailbreak tool and app developer iH8sn0w. “On Wednesday night my private iMessage handle got flooded with “Hi” and “We are anonymous” bulls**t,” iH8sn0w tells us. He immediately disabled that iMessage email and began tracking the sending email domain’s current ownership. iH8sn0w shared a proof-of-concept AppleScript with us that demonstrates just how easy it is to set up a recurring message that could saturate a person’s iMessage queue with items that would need to be cleared or read before any actions could be taken.

Another iOS developer targeted, Grant Paul, shared some additional details about the attacks. “What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly,” Paul says. The second part of that, he explains, is that if a user sends a ‘complex’ text message using unicode characters that force a browser to render ‘Zalgo’ text, or simply uses a message that is enormous in size, then the Messages app will eventually crash as it fails to display it properly. “This will effectively ‘break’ the Messages app on iOS by forcing it to close and stop it from re-opening because it can’t render that text.”

The ‘send a big message to crash the app’ method has been known for a while, as we were able to locate a month-old public posting that detailed an accidental triggering of this. The solutions involve playing around with sending a regular message, then locking the phone and activating the message notification until you’re able to time it right to delete the message thread that’s causing the problem. This is the way that Paul was able to finally delete the complex text that was causing him problems.

Several of the developers we spoke to noted that multiple ‘throwaway’ emails were being used to send the spam, so while a simple ‘block’ option might work for a casual spammer, it wouldn’t work for a determined harasser. iH8sn0w notes that there is a possibility that Apple will notice these bursts of messages and block the repetitive spamming. This appears to be the only real solution as Apple does not currently allow you to block a specific iMessage sender. Once your iMessage ID is out there, you’re unable to stop people from using it. And since the latest version of iOS unifies your phone number and emails, there’s a strong possibility that if a person can ferret out your email, they can spam you with this annoying or disruptive technique. The only recourse right now is to disable that iMessage handle entirely. And if they get your phone number, it’s likely you’ll have to turn off iMessage entirely, because you can’t just change your phone number at the drop of a hat.

Thankfully, this doesn’t seem to be a widespread practice, but it’s not that hard to figure out, and the only real solution will be the introduction of a block setting for Messages and better spam detection by Apple. We have informed Apple about the technique used in these cases but it has not responded with more information. We will update the article if it does so.

Source: http://thenextweb.com/apple/2013/03/29/imessage-denial-of-service-prank-spams-users-rapidly-with-messages-crashes-ios-messages-app/
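
The two gaps Paul describes, no per-sender rate limit and no screening of oversized or combining-mark-heavy text, are what a receiving service would close on its side. The following is an added example, not Apple's code or iH8sn0w's script: a sliding-window limiter per sender plus a heuristic for ‘Zalgo’ style messages, with constructed messages and assumed limits.

```python
"""Per-sender rate limiting and pathological-message screening for the
iMessage flood described above.

Added example, not Apple's code or the proof-of-concept script. The limits,
the combining-mark heuristic and the sample messages are assumptions.
"""
import unicodedata
from collections import defaultdict, deque

class SenderRateLimiter:
    """Sliding window: allow at most `limit` messages per `window` seconds per sender."""
    def __init__(self, limit=20, window=60.0):
        self.limit, self.window = limit, window
        self.history = defaultdict(deque)   # sender -> timestamps inside the window

    def allow(self, sender, now):
        q = self.history[sender]
        while q and now - q[0] > self.window:   # forget sends older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def combining_ratio(text):
    """Fraction of code points that are combining marks; 'Zalgo' text stacks
    dozens of them on each base character, ordinary text has almost none."""
    if not text:
        return 0.0
    return sum(1 for ch in text if unicodedata.combining(ch)) / len(text)

def is_pathological(text, max_len=4000, max_combining_ratio=0.5):
    """Flag messages that are oversized or dominated by combining marks, the two
    shapes the article says the renderer fails on."""
    return len(text) > max_len or combining_ratio(text) > max_combining_ratio

def screen_messages(messages, limiter):
    """Classify (sender, time, text) tuples as 'pathological', 'rate_limited' or 'ok'.
    Pathological text is dropped before it counts against the sender's budget."""
    verdicts = []
    for sender, t, text in messages:
        if is_pathological(text):
            verdicts.append("pathological")
        elif not limiter.allow(sender, t):
            verdicts.append("rate_limited")
        else:
            verdicts.append("ok")
    return verdicts

# Constructed sample: one sender pushes 25 one-word messages in 25 seconds,
# then a combining-mark heavy string; a second sender sends one normal text.
ZALGO = "h" + "\u0336" * 20
SAMPLE_MESSAGES = ([("burst@example.invalid", float(i), "Hi") for i in range(25)]
                   + [("burst@example.invalid", 25.0, ZALGO),
                      ("friend@example.invalid", 26.0, "lunch?")])
```

With the defaults the burst sender gets 20 messages through, the next five are held, and the stacked-mark string is refused outright.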
