Someone has been compromising MySQL servers around the world and using them to mount DDoS attacks. The latest targets of these attacks are an (unnamed) US hosting provider and a Chinese IP address. …
See the article here:
Attackers are turning MySQL servers into DDoS bots
News stunned security experts who had assumed that Isis terrorists or major country had been behind the breach A boy of 15 has been arrested and questioned on suspicion of being the mastermind behind the TalkTalk data theft cyber attack. A team from Scotland Yard’s Cyber Crime Unit joined Police Service of Northern Ireland officers as they raided the teenager’s home in County Antrim. The boy was arrested on suspicion of Computer Misuse Act offences and taken to a nearby police station. News of the suspect’s age stunned security experts who had assumed that a group of Isis terrorists or a country such as Russia had been behind the massive breach. IT insiders said it would be a “gamechanger” if proven that a teenager operating from his bedroom could bring a global company to its knees. The Met said the property was being searched and inquiries by CCU detectives, the PSNI’s Cyber Crime Centre and the National Crime Agency are continuing. A spokesman said on Monday night: “An arrest has been made in connection with the investigation into alleged data theft from the TalkTalk website. At approximately 4.20pm, officers from the Police Service of Northern Ireland (PSNI), working with detectives from the Metropolitan Police Cyber Crime Unit, executed a search warrant at an address in County Antrim, Northern Ireland. The phone and broadband provider, which has four million customers, initially said last week that the “sustained” attack was a DDoS, a distributed denial of service attack where a website is bombarded with waves of traffic. When experts pointed out a DDoS attack would not explain the loss of data TalkTalk later indicated it had been hit by an attack known as an SQL injection – a technique where hackers gain access to a database by entering instructions in a web form. IT security experts had already expressed surprise at how a company the size of TalkTalk was still vulnerable to the method, as it is a well-known type of attack and there are relatively simple ways of defending against it. The company has been heavily criticised for its handling of the cyber attack – the third it has suffered in the last eight months, with incidents in August and February resulting in customers’ data being stolen. Following last week’s breach TalkTalk admitted that customers’ bank account and sort code details may have been accessed as some customers said money has gone missing from their accounts. TalkTalk said there is currently no evidence that customers’ bank accounts have been affected but it does not know how much customer information was encrypted. The company said it would contact all current customers and that an unknown number of previous customers may also be at risk. TalkTalk’s chief executive Dido Harding said last week the firm had received a ransom demand from someone claiming to be behind the cyber attack. Jesse Norman, chair of the Culture, Media and Sport Select Committee, is leading an inquiry into the alleged data breach. Cyber Security Minister Ed Vaizey had earlier told MPs that companies could face bigger fines for failing to protect customer data from such attacks. He said the Information Commissioner’s Office can already levy “significant fines” but told the Commons he was “open to suggestions” about how the situation could be “improved”. TalkTalk is facing a maximum fine of £500,000 but the SNP’s John Nicolson said the prospect was “clearly not terrifying” for a company with an annual revenue of £1.8 billion a year. Shares in the telecoms company fell more than 12 per cent on Monday extending its losses from last week when news of the attack first emerged. A statement from Talk Talk said: “We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police. We will continue to assist with the ongoing investigation. “In the meantime, we advise customers to visit [our website] for updates and information regarding this incident.” Source: http://www.independent.co.uk/news/uk/home-news/talktalk-hack-boy-15-arrested-in-northern-ireland-over-attack-a6709831.html
Read the original:
TalkTalk hack: 15-year-old boy arrested in Northern Ireland over DDoS attack
Faced with a wave of DDoS attacks, a horde of hackers claiming to be Anonymous and major data leaks from state-owned CAT Telecom all in protest of Thailand’s Single Gateway surveillance program, ICT Minister Uttama Savanayana took to Twitter to reassure people that everything was in order and that we had nothing to fear because we have regular data backups. Yes, apparently regular backups and standards in data storage are the answer to a hack and data leak. The tweet was up for most of the weekend before he deleted it to save himself further embarrassment. To recap, a group claiming to be Anonymous issued a statement in the wee hours of Thursday morning to attack the Thai Government and in particular CAT Telecom for refusing to back down on Single Gateway internet super censorship and surveillance project which, despite promises from the Prime Minister that it was just a clerical error never existed, is forging ahead full steam. Since then at various moments, hackers have managed to temporarily take down an obscure army internal accounting website, the ICT Ministry and CAT Telecom. The Anons also posted screenshots of what they claimed was CAT customer data with names blanked out, taunting the ICT Minister by asking what data standard allows for plaintext storage of passwords. CAT Telecom initially responded by saying the information posted was false and that the hackers only tried to infiltrate CAT’s dealer network and did so unsuccessfully at that. The Anons responded with more CAT customer data and a screenshot of a login in CAT’s CRM module. One would have thought that this would have caused the junta to think twice about centralizing everything but no. The ICT Minister had the stage in the weekly two-minutes of hate propaganda show, sorry, I meant Thailand Moves Forward propaganda show, in which he extolled the virtues of a single Geoment Service Chanel [sic] which called for even more centralization. Half the jokes were of using designer clothing to serve the people the other, well, let’s just say that geo in Thai is a anatomical word that would not befit the pages of this publication. So apparently not only he totally clueless as to what a modern day hack is (by saying that he had backup) but he cannot use a spell checker. By Sunday, CAT’s My 3G self-service portal was still down, though whether it was from the attack or if someone pulled the plug as a precaution was anyone’s guess. However, that hardly made the social media circles. Why? Well, because despite oodles of taxpayer cash (roughly $1 billion each for CAT and TOT for their 3G networks, plus who knows how much more to run the network), CAT and TOT have between them less than 100,000 subscribers, none of which bothered to check their balance or top up over the weekend, it seemed. Also noteworthy was how servers in CAT’s data center had their latency and jitter both jump but again, that could be a routing issue rather than someone installing deep-packet-inspection gear. But was the hack actually from a real Anon? Anonymous is more of a state of mind that a club with a for formal job interview and membership cards. Anyone can claim to be an Anon. Their key tenets are anti-surveillance and anti-censorship, both of which the Thai Single Gateway are aimed at imposing. One developer who did not want to be identified told TelecomAsia that the hacks on Thai government websites were simply too easy. He sent a screenshot with a page of .go.th sites with old, unpatched mysql servers that were ripe for taking over. His point being, a script kiddie noob could have carried out hacks on these government websites and it did not require the skills of a true Anon. Source: http://www.telecomasia.net/blog/content/thai-govt-website-ddosed-cat-customer-data-leaked DDoS? Well, considering that Thai government websites cannot even stand up to use on a busy day without crashing, again, that hardly requires serious firepower. The CAT data breach also happened about a month ago if the rumors in the underground are to be believed. Talking about the underground, none of my shadier contacts know who did it the attack. Considering the rather small size of the Thai hacking community, this is odd. To further throw doubt on everything, the F5 hackers dared me over Twitter to double check a phone number in the CAT data breach to see if the data was real or made up. I did call up the number and he had no clue about being hacked and said he was not a CAT customer. Not looking good for the hackers then. To be fair I did try to ask if he was working at the company he was listed as working for but the chap hung up on me first, obviously annoyed at my questions. But perhaps the number had been reused (the phone line application with CAT was way back in August 2014), perhaps he never got the phone line and had totally forgot about it. Or maybe it was made-up data and the hacker thought I would not call to fact-check. At this juncture, my gut feeling is leaning towards this entire episode being a honey trap to lure out dissenters and convince the undecided of the need to give up further liberties so that the government can protect us from Anonymous. If so, that has worked wonders. Then there is the separate matter of the 231 pages of leaked documents that are a headache just to try and read through. Who leaked them and why? It is a curious mix of army and MICT secret documents which begs the question, who would even have access to both sets of documents in the first place? Very few. But regardless as to whether this initial hack was real or staged, the matter of the Thailand’s Single Gateway has now reached the eyes of Anons the world over. One wonders if they are planning a real attack soon.
View article:
Thai govt website DDoSed as CAT customer data leaked
Incapsula researchers have uncovered a botnet consisting of some 9,000 CCTV cameras located around the world, which was being used to target, among others, one of the company's clients with HTTP flood…
Read the original:
CCTV botnets proliferate due to unchanged default factory credentials
Default and weak credentials on embedded devices can lead to powerful botnets We’ve reached a point that security researchers have long warned is coming: Insecure embedded devices connected to the Internet are routinely being hacked and used in attacks. Want to add a bunch of users without going out of your mind? We show you how to do that, and more. The latest example is a distributed denial-of-service (DDoS) attack detected recently by security firm Imperva. It was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras protecting businesses around the world instead of a typical computer botnet. The attack peaked at 20,000 requests per second and originated from around 900 closed-circuit television (CCTV) cameras running embedded versions of Linux and the BusyBox toolkit, researchers from Imperva’s Incapsula team said in a blog post Wednesday. When analyzing one of the hijacked cameras that happened to be located in a store close to the team’s office, the researchers found that it was infected with a variant of a known malware program designed for ARM versions of Linux that’s known as Bashlite, Lightaidra or GayFgt. While infecting computers with malware these days requires software exploits and social engineering, compromising the CCTV cameras that were used in this attack was very easy as they were all accessible over the Internet via Telnet or SSH with default or weak credentials. Insecure out-of-the-box configurations are a common issue in the embedded device world and have been for a long time. In 2013, an anonymous researcher hijacked 420,000 Internet-accessible embedded devices that had default or no login passwords and used them in an experiment to map the whole Internet. However, the problem is getting worse. The push by device manufacturers to connect things such as refrigerators or “smart” light bulbs to the Internet is largely done without consideration for security implications or an overhaul of outdated practices. As a result, the number of easily hackable embedded devices is growing fast. Shortly after the CCTV camera-based attack was mitigated, a separate DDoS attack was detected that originated from a botnet of network-attached storage (NAS) devices, the Imperva researchers said. “And yes, you guessed it, those were also compromised by brute-force dictionary attacks.” Source: http://www.computerworld.com/article/2996079/internet-of-things/attackers-hijack-cctv-cameras-to-launch-ddos-attacks.html
Continue Reading:
Attackers hijack CCTV cameras to launch DDoS attacks
There was a major distributed-denial-of-service (DDoS) attack on Rossiya Segodnya International Information Agency resources, including the Sputnik website and newswire, the company’s IT department said Saturday. The attack restricted access to desktop and mobile versions of the Sputnik website. IT specialists managed to ensure the timely release of news pieces to the newswire clients. The agency’s press service said that IT specialists were working to establish the details of the attack that restricted access to desktop and mobile versions of the Sputnik website. “Rossiya Segodnya websites and mailing services were unavailable to users for two hours starting at 7:00 p.m. Moscow time [16:00 GMT],” the press service said. DDoS attacks are caused by a large number of Internet users or software simultaneously sending requests to a website until it exceeds its capacity to handle Internet traffic. The Sputnik site was unavailable for almost two hours. Source: http://sputniknews.com/art_living/20151017/1028682238/sputnik-ddos-attack.html
More:
Rossiya Segodnya Information Agency Suffers Major DDoS Attack
Android users running AT&T and Verizon networks may be susceptible to distributed denial of service (DDoS) attacks. The alert comes from a new advisory posted by Carnegie Mellon University CERT database, which shows that the vulnerability allows hackers to target LTE networks and users. The reason for this vulnerability is primarily due to the way LTE works. Unlike conventional data transfer methods of circuit switching, LTE uses packet switching. The research says that this new method allows hackers to use the SIP protocol to enable a new set of attack vectors via wireless networks. If this loophole is exploited, denial of service attacks can be carried out on these networks and data exploitation along with ‘silent calls’ can be executed, allowing for unlimited phone calls and use of large amounts of data without any records of them in bills. According to the researchers, every Android OS version released to date could be affected by this vulnerability. Google has already been notified about this massive flaw, and has been advised to escalate its permissions on Android. Apple on the other hand has said that its phones aren’t affected by this LTE security flaw. Google itself is likely to release a security update very quickly for its supported Nexus devices to take counter-measurements against the issue. If you have a carrier-provided phone from LG, Samsung, or other brands however, chances are you’ll have to wait a while. Carriers are notorious for releasing updates on snail-like pace. Source: http://techfrag.com/2015/10/17/android-devices-affected-by-lte-security-flaw-could-result-in-ddos-attacks/
Read More:
Android Devices Affected By LTE Security Flaw, Could Result in DDoS Attacks
A tweet purporting to be from Anonymous, a diffuse international collective of online hacker activists, warned of cyberattacks on the websites of two major airports earlier this month, police sources said Saturday. A day later, the web pages of Narita and Chubu airports were struck down. On Oct. 10, the website of Narita International Airport went down for about eight hours from around 2:30 a.m. after being overwhelmed by multiple-source traffic. The website of Chubu Centrair International Airport also became difficult to access for 8½ hours. Flights at the airports were unaffected. According to investigative sources from the Chiba and Aichi prefectural police, the Twitter post on Oct. 9 said attacks would be made on two major Japanese airports. It gave the addresses of Narita and Chubu airports. The sources said the websites of the two facilities apparently suffered “distributed denial of service” or DDoS attacks, which are intended to paralyze a targeted website by overwhelming it with high levels of traffic sent from multiple network sources. The website of the town of Taiji in Wakayama Prefecture experienced a similar cyberattack in September, which police suspect was made by Anonymous in protest of the town’s longtime practice of hunting of dolphins whereby the mammals are killed or captured after being herded into a cove. The slaughter has become a cause celebre for animal rights activists and others. Source: http://www.japantimes.co.jp/news/2015/10/17/national/crime-legal/anonymous-cited-in-web-outages-at-two-japan-airports/#.ViKA7St4AmQ
Visit site:
Anonymous cited in Web DDoS attacks at two Japan airports
Continuing our exclusive coverage of the events unfolding at forex solutions provider oneZero, LeapRate has learned that the outages hitting oneZero and thereby some of its hosted clients over the past week are the result of distributed denial-of-service (DDoS) attacks being made against the company. After engaging multiple security contractors, the company has isolated the attacks and has determined that they originate out of China. A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It is the result of multiple compromised systems (for example a botnet) flooding the targeted system – usually one or more web servers – with traffic. The most serious attacks are distributed, meaning that the attack source is more than one (and often thousands) of unique IP addresses. Many of the cases involve forging of IP sender addresses (IP address spoofing) so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. For these and other reasons, DDoS attacks are typically very effective and difficult to mitigate. oneZero management indicated to LeapRate that the attack against them has been made with a very high level of sophistication, but that the company is working very closely with security contractors and with its clients and expects the situation to be resolved. The attack against oneZero appears to be solely targeting connectivity, and has not at all affected the company’s own systems, so that no company or client data has been compromised. And so far, there has been no attempt to exploit the attack – DDoS hackers often try to blackmail their targets, requiring some sort of ransom to be paid in order to remove the attacks. Source: http://leaprate.com/2015/10/onezero-outages-the-result-of-chinese-ddos-attacks-leaprate-exclusive/
Read this article:
oneZero outages the result of Chinese DDoS attacks
Over the weekend video gamers who enjoy exploring the galaxy in Star Trek Online and fighting orcs with swords in Neverwinter Online found themselves briefly unable to do so. Some players described lag spiking so high that characters began “rubber banding”–or repeatedly teleporting back every time a player tries to move somewhere else. Cryptic Studios, Inc., the developer of Star Trek Online and Neverwinter quickly tweeted about the problem. The attack, a distributed denial of service (DDoS) attack hit the servers affecting both games and caused the network supporting them to crumble. The first hit the servers at approximately noon PST on Sunday and the second at 8pm PST on the same day. These sorts of attacks are commonly used by Internet trolls and rabble rousers to attract attention such as the likes of Lizard Squad, DerpTrolling, and LulzSec. Gaming networks are particularly susceptible to DDoS attacks with potentially thousands (or hundreds of thousands) of players expecting a flawless experience that requires the quick response of networks and servers. The attacker who claimed responsibility in the case of the Cryptic Studio’s properties is named NeverGodz (@NeverWinterGod) and may have only targeted Neverwinter Online –the effect on Star Trek Online ’s servers mere collateral damage in the attack. Due to the nature of DDoS, the damage rarely affects just one service, and can disrupt the entire data center or network node adjacent to the target. There were two separate attacks committed by @NeverwinterGod. Both attacks lasted long enough to bring both games down and make it difficult for players to log in or play. Players of both games went to Reddit ( Neverwinter Online , Star Trek Online ) and Twitter to voice their confusion as to the server issues and cited the tweets from Cryptic when they did. Some, such as STO commentator Lootcritter expressed curiosity over the reason for the attacks. So far, most attackers who hit online games have appeared to claim they do it “for the lulz,” or because the attacker is having fun. Although some, like Lizard Squad, claimed to do it to show how security at these sites is lax and unable to withstand attacks. Surviving DDoS attacks has nothing to do with traditional cybersecurity, however, and everything to do with the power and reaction time of network engineers. Most of the Internet mayhem crews and DDoS attackers to hit online games have been young, male and out to make names for themselves by causing disruption. The claims and trumpets of @NeverWinterGod looks no different. DDoS attacks easier, on the rise and a constant threat to online games In 2013, CloudFlare, Inc. CEO Matthew Prince predicted that DDoS attacks would only expand in scope and ease in 2014 and this has remained true for 2015. In April of this year, Arbor Networks, Inc. reported one of the largest DDoS attacks ever detected at 334Gbps. Akamai Technologies Limited backed up these figures stating that attacks had increased in volume and quality, the report stated that the total number of DDoS attacks increased 132.43 percent compared to Q2 2014. As for ease, one of the takeaways from Lizard Squad’s arrival was the launch of the Lizard Stresser DDoS-for-hire service, it is still online today. Although few would be foolish enough to use it after it’s previous hacks. According to Nexusguard Inc. there is a thriving market in DDoS-for-hire services even before Lizard Squad came on the scene, but if an ad hoc Internet mayhem crew could build one it shows how easily such a setup can be built. DDoS attacks are not easy to stop. Due to their distributed nature it’s impossible to squash them at the source, since the attack uses thousands to millions of computers across the globe to produce garbage connections and data directed at the target. Halting the attack at the target is difficult because all that garbage traffic can saturate the network across multiple tiers. Network engineers from anti-DDoS outfits such as Nexusguard need to work with upstream providers to filter out the garbage traffic before it reaches the smaller networks. Stopping a DDoS attack takes a lot of coordinated effort across region-spanning networks and affects more properties than just the intended target. Much in the same way a traffic jam in a city can make multiple exits from a freeway inaccessible. Efforts continue to attempt to thwart DDoS attacks, but it looks as if 2015 will continue to be a year when the volume and capabilities of attacks will rise. Update 09/14/2015 2:25pm PST: Star Trek Online and Neverwinter Online are under DDoS attack again today starting at approximately 1:45pm PST. Tweets suggest that the attacker is targeting Cryptic Studio’s Boston datacenters but did not last long, a mere 20 minutes. The attacker has shown an interest in knocking the servers offline repeatedly so there may be further attempts today. Source: http://siliconangle.com/blog/2015/09/14/star-trek-online-neverwinter-online-struck-by-ddos-attacks-twice-in-one-day/
Visit site:
Star Trek Online, Neverwinter Online struck by DDoS attacks twice in one day