Applications are becoming more accessible on the web across all industries including gaming, e-commerce, software, and media. This is great for reaching new customers around the globe, but along with …
Read More:
Cloud security: Integrated global CDN with DDoS mitigation and WAF
Hackers are threatening banks and other financial institutions with Distributed Denial of Service (DDoS) attacks if they don’t pay them tens of thousands of dollars, according to various reports More than 100 companies were threatened, according to MarketWatch, which cited a Federal Bureau of Investigation (FBI) agent. Among the companies being targeted were big banks and brokerages in the financial sector. A DDoS attack is when a hacker floods a website with traffic, forcing it offline. It is usually done with the help of multiple compromised systems, which are often infected with a Trojan. Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office, told MarketWatch these threats have been coming in since April. He added that in some cases, the companies have paid up. These companies end up facing further trouble as hackers know that they are willing to engage. “There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs says. He says not all targets have experienced actual attacks. Companies are willing to pay large sums of money, as DDoS attacks could see them lose even more. A DDoS attack could see a company lose more than $100,000 an hour, according to Neustar, a Sterling, Va.-based information services and analytics company. Jacobs says the FBI does not advise or direct firms as to whether or not to pay the attackers or let their websites go down. “How important is that access to that website to your business? They have to make their own calls,” Jacobs says. “If you’re a discount broker and that’s the only way your customers can trade, that would be a concern. If it’s just a website that’s used for general news and information, maybe it’s not so difficult to have it down for an hour or two.” Yaroslav Rosomakho, Principal Consulting Engineer EMEA at Arbor Networks commented: “The fact hackers are planning on taking down websites with DDoS attacks unless organisations pay large sums of money is testament that hackers are becoming increasingly ruthless. Hackers’ activities against internet services of financial institutions are on the rise, since these services are an absolutely critical part of daily business. “Hackers realise that DDoS can be as disruptive as other more traditional attack methods and, unfortunately, still many organisations do not pay enough care to availability protection of their services and infrastructure. “Our research shows that DDoS attacks are continuing to grow in size, complexity and frequency with nearly half of businesses experiencing DDoS attacks last year. As attack size increases, so does the complexity of the hacker’s toolkit. “To ensure protection from these threats, organisations must have multi-layered DDoS protection in place, using both cloud and network-perimeter components to protect from stealthy application layer, state exhaustion and large volumetric attacks.” Source: http://www.itproportal.com/2015/07/31/hackers-threaten-banks-with-ddos-ask-for-ransom/
Read the original:
Hackers are blackmailing banks with threats of DDoS attacks
Don’t Pay Attackers or Scammers, Security Experts Warn Numerous firms across the financial services sector – and beyond – continue to face a variety of distributed-denial-of-attack and data breach extortion attempts. Attackers’ tactics are simple: Sometimes they threaten to disrupt a firm’s website, preventing customers from accessing it. And other times they warn that they will release data – which they obtained by hacking into the firm – that contains sensitive information about the organization’s employees and customers. Or, the attackers say, the organization can pay them off – typically via bitcoins – to call off the attack or delete the data. Richard Jacobs, assistant special agenct in charge of the cyber branch at the FBI’s New York office, reports that the bureau continues to see a large number of related shakedown attempts, with attackers in April making DDoS extortion threats against more than 100 financial firms, including some big banks and brokerages, MarketWatch reports. Some firms have reportedly been hit with demands for tens of thousands of dollars, and the FBI says that some victims do pay, even though attackers might never have followed through on their threats. Likewise, the payoff sometimes leads attackers to blackmail victims for even more money. “There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs tells Marketwatch. Attacks on the Rise This is far from a new tactic for criminals operating online, and law enforcement experts have long warned organizations to not accede to attackers’ demands. “Extortion types of attacks have always been around,” says information security expert Brian Honan, who heads Dublin-based BH Consulting and also serves as a cybersecurity advisor to Europol. “They were quite popular during the 1990s and early 2000s, waned for a while, but are now gaining popularity again with criminals. We are seeing a rise in such types of attacks both in the U.S. and in Europe.” Large financial institutions in particular appear to be getting singled out by blackmailers, says financial fraud expert Avivah Litan, an analyst at the consultancy Gartner. “The large banks are under an onslaught of [such] attacks; the smaller banks, I hear mixed things from,” she says. But banks don’t talk about such attacks much, she adds, “because no one wants the public to know that they’re being extorted.” The growth of such shakedown attempts has been driven in part by the increasing availability and ease of use of DDoS-on-demand services, Litan says. “It’s always been easy to get DDoS attacks, but now it’s just more organized, more readily available, and you can say, ‘I want to do it against these particular U.S. banks or U.K. banks,’ for example,” she says. Sometimes, attackers do follow through on their threats by executing DDoS disruptions or leaking data. Earlier this year, for example, a hacking team calling itself “Rex Mundi” demanded a payment of 20,000 euros ($21,000) from French clinical laboratory Labio, or else it would release people’s blood test results. When Labio refused to pay, the hackers dumped the data. The “Pedro Batista” Scam But at least some of these shakedown attempts appear to be little more than bluster. For example, one threat researcher – speaking on condition of anonymity – reports that in recent months, an apparently Portugal-based attacker or middleman named “Pedro Batista” has attempted to extort both the Federal Savings Bank, plus the Industrial Bank in China. Batista claimed in an email – sent to the researcher – to have obtained root access to an FSB MySQL database, which supposedly contained extensive information about the firm’s clients. For the Industrial Bank of China, Batista also claimed to have stolen a database containing employees’ salaries, plus usernames and passwords. Neither of those firms responded to Information Security Media Group’s queries about whether they could confirm having received blackmail notices from Batista, or if they had given in to the extortion demands. But Mikko Hypponen, chief research officer at F-Secure, says the Pedro Batista shakedown is a scam. “Since 2013, an individual using this name has been contacting security experts, offering vulnerabilities or leaked databases for sale,” he tells Information Security Media Group. “Those that have kept up the communication with him have found out that he had no goods or very little goods to actually deliver. He might be able to do some SQL injections to gain partial access to some information, but for the most part, this seems to be some kind of a scam operation.” How To Respond: 5 Essentials Organizations can simply ignore those types of scams, security experts say. But dealing with DDoS threats requires a more structured response, says Honan, who offers the following recommendations: React: Take the threat seriously, and “spin up” an incident response team to deal with any such attacks or threats. Defend: Review DDoS defenses to ensure they can handle attackers’ threatened load, and if necessary contract with, subscribe to or buy an anti-DDoS service or tool that can help. Alert: Warn the organization’s data centers and ISPs about the threatened attack, which they may also be able to help mitigate. Report: Tell law enforcement agencies about the threat – even if attackers do not follow through – so they can amass better intelligence to pursue the culprits. Plan: Continually review business continuity plans to prepare for any disruption, if it does occur, to avoid excessive disruptions to the business. Litan likewise advocates technical planning as the primary way to defend against threatened or in-progress DDoS attacks. Furthermore, if an organization’s DDoS defenses do fail to mitigate the attack, she says an excellent fallback strategy is to redirect customers to a backup site that attackers don’t yet know about. “If you are under attack, you have a miniature website set up that you can immediately redirect your customers to, with most of the functions on the site, so you don’t have to deal with extortion attempts – go ahead and DDoS me, it doesn’t matter,” Litan says. “Some of the large banks have done that, and it has worked effectively.” Above all, Honan says that on behalf of all would-be victims, no targeted organization should ever give in to extortion attempts. “Needless to say, you should not pay the ransom, as you have no guarantee the criminals will not attack you anyway, or that other criminals may target you in the future,” Honan says. “And by paying the demands you simply motivate the criminals to carry out similar attacks against you and others.” Source: http://www.bankinfosecurity.com/fbi-to-banks-ddos-extortions-continue-a-8446
More here:
FBI to Banks: DDoS Extortions Continue
The Royal Bank of Scotland group of banks suffered nearly a fifty minute outage to their on-line banking systems today as a result of a Distributed Denial of Service Attack. The banks affected included, Royal Bank of Scotland (RBS), NatWest, and Ulster Bank. A spokesperson from NatWest said in a statement “The issues that some customers experienced accessing on-line banking this morning was due to a surge in internet traffic deliberately directed at the website. At no time was there any risk to customers. Customers experienced issues for around 50 minutes and this has now been resolved.” It is interesting to see this attack impact banks in the UK just days after an FBI agent in an interview with MarketWatch said that more than a 100 financial companies in the US received threats relating to DDoS attacks since April of this year. These threats were usually accompanied by an extortion demand looking for money to be paid, usually in the form of BitCoins, to prevent the attack from happening. There were no additional details given as to how many of those financial companies actually suffered the threatened DDoS attacks, paid the ransom and had no attacks, paid the ransom but still become victims of the DDoS attack, or indeed simply ignored the demand and had no further interaction with those behind the threats. In May of this year, the Swiss Governmental Computer Emergency Response Team (GovCERT.ch) issued a warning relating to an increase in DDoS extortion attacks attributed to a group called DDB4C. GovCERT.ch highlight that the gang had previously operated against targets in other regions but were now targeting organisations in Europe. GovCERT.ch explained that the attacks by these groups are typically amplification attacks abusing the NTP, SSDP or DNS protocols. The Akamai blog also has more details on this gang and how they conduct their attacks. The threat from DDoS extortion attacks have been around since companies started doing business on-line. But as can be seen from the attacks against RBS, NatWest, and Ulster Bank, and the warnings from GovCERT.ch and the FBI, these attacks are coming back into vogue again. So if your organisation is faced with a DDoS extortion threat what should you do? Here are some steps to consider; Do not ignore the threat. It is possible it may be a bluff but it may also be a genuine threat. So inform your Incident Response Team so they can prepare in the event the attack materialises. Make sure your anti-DDoS protection mechanisms are able to cope threatened load. If you do not have any anti-DDoS systems in place contact your ISP, hosting provider, or security services reseller to discuss your options with them. Contact your Data Centres and ISPs to make them aware of the threats and allow them to prepare for any possible attacks. It would also be wise to ensure your Incident Response Team has direct contact with those of your providers. Do report the threat to the appropriate law enforcement agency. While they may not be able to directly assist with the threat or any eventual attacks, the information you provide could help law enforcement build and share intelligence with other law enforcement groups with the goal to eventually arrest those behind the threats. It may be wise to examine your business continuity plan to determine if you can invoke this plan in the event an attack materialises so that you can continue to provide services to your clients. It is also incumbent on anyone of us responsible for hosting internet facing services that these services are configured securely so they don’t facilitate criminals to use them in amplification, or indeed any other, attacks against other companies. It is interesting to note that this is not the first time that RBS has been targeted by DDoS attacks. In December 2013 its on-line systems were unavailable for up to 12 hours as a result of a DDoS attack. This came after the RBS group of banks suffered a major outage to their payment systems in 2012 resulting in the banks being unable to process customer payments for a number of days and led to the group being fined STG£56 million by UK regulatory authorities for the “unacceptable” computer failure. Speaking in December 2013 about the 2012 outage the RBS CEO, Mr Ross McEwan, admitted there had been a significant under investment in IT in the bank. Mr McEwan, said “For decades, RBS failed to invest properly in its systems. We need to put our customers’ needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on.” After today it looks like RBS will need to ensure it continues to invest in the technology and people required to keep its systems and data secure. Source: http://www.itnews.com/security/95340/ddos-attacks-take-down-rbs-ulster-bank-and-natwest-online-systems?page=0,1
Read this article:
DDoS Attacks Take Down RBS, Ulster Bank, and Natwest Online Systems
Bad packets cause crashes. Cisco has closed a hole in its ASR 1000 line of enterprise and service provider-grade routers that could trigger denial of service.…
Continue reading here:
Borg patches enterprise ASR router DoS hole
Easy to hack universal remote BIND DoS hole leaves DNS open to attack Gird your loins internet: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers.…
Original post:
Critical BIND bug scores PATCH YESTERDAY grading
When is a door not a door? When slapdash coding turns it into a glorified ‘off’ switch Internet Igors have stitched together a new Linux backdoor. Fortunately for internet hygiene the botnet agent – which packs a variety of powerful features – is faulty and only partially functional.…
Taken from:
Unhinged Linux backdoor still poses a nuisance, if not a threat
Hackers with Anonymous say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week’s fatal shooting by the RCMP of a protester in British Columbia. To support their claim, members of Anonymous provided the National Post with a document that appears to be legitimate Treasury Board of Canada notes on federal cabinet funding to fix flaws in the foreign stations of the Canadian Security Intelligence Service (CSIS). The Post has not independently been able to verify the authenticity of the document, marked with a security classification of “Secret.” Anonymous activists say they will disseminate sensitive documents if the officer who shot James McIntyre in Dawson Creek, B.C., is not arrested by Monday at 5 p.m., Pacific time. That threat has also been made on social media and a government source confirms authorities are aware of the threat. Activists say McIntyre was a member of Anonymous. When he was shot he appeared to be wearing a Guy Fawkes mask, often worn by supporters of the global hacktivist collective. Anonymous says it has several secret files. “We do have other documents and files. We are not going to speak to quantity, date of their release, manner of their release, or their topic matter at this time,” a spokesperson for a coterie of Anonymous told the Post in an interview conducted through encrypted communications. “This will be an ongoing operation with expected surprise as a critical element.” Government computers were breached in stages, over several months, the Anonymous spokesperson said, including during the Distributed Denial of Service (DDoS) attacks last weekend, organized in protest of the shooting. (DDoS is when multiple hijacked computers tie up the resources of a web site so the public cannot access it.) After the DDoS attacks, Public Safety Minister Steven Blaney told reporters that no personal information or government secrets were compromised. Jeremy Laurin, a spokesman for the minister, could say little about the veracity of the document or its response to the threat by Friday evening. “We are monitoring the situation closely,” said Laurin. “Our government takes cyber security seriously and operates on the advice of security experts.” The government has promised $235 million funding for a cyber-security ?strategy designed to defend against electronic threats, hacking and cyber espionage, he said. On Wednesday the minister said $142 million of that is to enhance security at several agencies, including the RCMP and CSIS. A well-placed government source said, “There has not been a hack of CSIS,” but was unable to say if other departments could make the same claim. Anonymous says the minister is incorrect in his assessment of recent cyberattacks. “In fact, part of what we were doing at that point were final penetration tests, not just for the Canadian government, but also with how the media would respond to Anonymous attacks,” the Anon spokesperson said. This purported hack is far different and more serious than the previous stream of aggressive online activity over the shooting that targeted police web sites and British Columbia’s hydro electric industry, both considered soft targets. If the Anonymous claim is accurate, it suggests a deeper penetration of a higher echelon of government computer containing far more sensitive information. The document provided to the Post outlines a meeting dated Feb. 6, 2014, regarding progress in upgrading cyber security at CSIS, Canada’s spy agency, to be monitored by the Communications Security Establishment Canada, two of Canada’s most secretive organizations. The paper discusses cabinet approval of millions of dollars to “extend the Service’s (CSIS’s) secure corporate network environment to its foreign stations.” The project was over budget, the document says, “due largely to increased information security requirements to address recent unlawful disclosures of classified material (i.e. Delisle, Snowden).” Jeffrey Delisle is a former Canadian naval officer who sold military secrets to Russia until his arrest in 2012. Edward Snowden is a former U.S. National Security Agency analyst who leaked classified documents revealing large-scale global surveillance in 2013. The document from Anonymous says the current CSIS system uses “inefficient and labour intensive data-processing and analysis systems to process and report intelligence information obtained at it foreign stations … These outdated processes result in delays that impact the Service’s operational effectiveness and jeopardizes the security of its personnel.” The new system was tested at two foreign stations and is expanding to CSIS’s 25 foreign stations, the document says. The sample document was provided to the Post with some elements redacted because the hackers were unsure what the markings mean and are concerned it could identify which machine or machines may have been compromised, the Anon spokesperson said. Source: http://news.nationalpost.com/news/canada/anonymous-says-it-hacked-canadas-security-secrets-in-retaliation-for-police-shooting-of-b-c-activist
Follow this link:
Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist
New global DDoS attack data from Arbor Networks shows strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective. The largest attack monitor…
See the original post:
It's official: The average DDoS attack size is increasing
Recent FBI investigations and open source reporting reveal that extortion campaigns conducted via e-mails threatening Distributed Denial of Service (DDoS) attacks continue to expand targets from unregulated activities, such as illegal gaming activity, to now include legitimate business operations. The increase in scope has resulted in additional attacks with Bitcoin ransom amounts trending upwards as well. First identified approximately one year ago, Bitcoin extortion campaigns originally focused on targets unlikely to contact law enforcement for assistance. In early April 2015, the extortion campaigns began regularly contacting legitimate businesses operating in the private sector. In a typical scenario, a short-term DDoS attack is conducted on a victim’s web site lasting for approximately one hour. The DDoS is followed by an e-mail containing an extortion demand for payment via Bitcoin. If the victim has not paid the demanded payment, there is usually a second, more powerful DDoS attack within 24 hours, which lasts for an additional hour. This is followed by a second e-mail warning and extortion demand with an increased price. In most cases, victim companies have successfully mitigated the attack using third party DDoS mitigating services rather than paying the ransom. Technical Details The first DDoS attack is usually delivered prior to the sending of a ransom demand at 20-40 Gigabytes per second (Gbps) with a duration of approximately one hour. After the initial DDoS attack, an extortion e-mail is sent to the victim introducing the attacker, highlighting the initial demonstrative DDoS attack, and demanding payment in Bitcoin (ranging from 20-40) to ensure no further DDoS attacks are conducted against the business. If payment does not occur within 24 hours, a second demonstrative DDoS is generally conducted at a higher rate (40-50 Gbps) for an additional hour followed by an additional extortion e-mail. The types of DDoS attacks primarily consist of Simple Service Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks with the occasional SYN-flood and, most recently, WordPress XML-RPC reflection/amplification attacks. Source: https://publicintelligence.net/fbi-bitcoin-extortion-campaigns/
Original post:
Bitcoin Extortion Campaigns Expanding DDoS Attacks to a Wider Array of Business Sectors