Category Archives: DDoS News

Apple updates XProtect to kill iWorm botnet threat

Apple has released an update for its XProtect anti-malware system which makes it detect three different versions of the iWorm OS backdoor malware discovered last week by AV specialists from Dr. Web. …


Secondhand DDoS: Why hosting providers need to take action

Unfortunately, the sheer size and scale of hosting or datacenter operator network infrastructures and their massive customer base present an incredibly attractive attack surface, because the multiple entry points and significant aggregate bandwidth act as a conduit for a damaging and disruptive DDoS attack. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target.

What is secondhand DDoS?

The multi-tenant nature of cloud-based data centres and shared, hosted environments can be less than forgiving for unsuspecting tenants. A volumetric DDoS attack against one tenant can lead to disastrous repercussions for others: a domino effect of latency issues, service degradation and potentially damaging, long-lasting service outages. The excessive amount of malicious traffic bombarding a single tenant during a volumetric DDoS attack can have adverse effects on other tenants as well as on the overall operation of the data centre or hosting provider. In fact, it is becoming more common for attacks on a single tenant or service to completely choke the shared infrastructure and bandwidth resources, so that the entire data centre is taken offline or severely slowed – AKA, secondhand DDoS.

Black-holing, or black-hole routing, is a common, crude defense against DDoS attacks which is intended to mitigate secondhand DDoS. With this approach, the cloud or hosting provider blocks all packets destined for a domain by advertising a null route for the IP address(es) under attack. There are a number of problems with using this approach to defend against DDoS attacks. Most notably, where multiple tenants share a public IP address range, all customers associated with the address range under attack will lose all service, regardless of whether they were a specific target of the attack. In effect, the data centre or hosting operator has finished the attacker’s job by completely DoS’ing its own customers. Furthermore, injection of null routes is a manual process which requires human analysts, workflow processes and approvals, increasing the time to respond to the attack and leaving all tenants of the shared environment suffering the consequences for extended periods of time, potentially hours.

The growing dependence on the Internet makes the impact of successful DDoS attacks, financial and otherwise, increasingly painful for service providers, enterprises and government agencies. And newer, more powerful DDoS tools promise to unleash even more destructive attacks in the months and years to come. Enterprises which rely on hosted infrastructure or services need to start asking their hosting or datacentre providers the tough questions about how they will be properly protected when a DDoS attack strikes. As we’ve seen on numerous occasions, hosted customers simply rely on their provider to ‘take care of the attacks’ when they occur, without fully understanding the ramifications of turning a blind eye to this type of malicious behavior.

What to do to mitigate an attack and protect the infrastructure

Here are three key steps for providers to consider to better protect their own infrastructure, and that of their customers.

1. Eliminate the delays incurred between the time a traditional monitoring device detects a threat, generates an alert and an operator is able to respond, reducing initial attack impact from hours to seconds by deploying appliances that both monitor and mitigate DDoS threats automatically. The mitigation solution should allow for real-time reporting, alert and event integration with back-end OSS infrastructure for fast reaction times, and the clear visibility needed to understand the threat condition and proactively improve DDoS defenses.

2. Deploy the DDoS mitigation inline. If you have out-of-band devices in place to scrub traffic, quickly deploy inline threat detection equipment that can inspect, analyse and respond to DDoS threats in real time.

3. Invest in a DDoS mitigation solution that is architected to never drop good traffic. Providers should avoid the risk of allowing the security equipment to become a bottleneck in delivering hosted services, always allowing legitimate traffic to pass uninterrupted: a ‘do no harm’ approach to successful DDoS defense.

Enterprises rely on their providers to ensure availability and, ultimately, protection against DDoS attacks and other cyber threats. With a comprehensive first line of defense against DDoS attacks deployed, data centre and hosting providers protect their customers from damaging volumetric threats directed at, originating from, or within their networks.

Source: http://www.information-age.com/technology/security/123458517/secondhand-ddos-why-hosting-providers-need-take-action
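To make the two points above concrete (automatic detection instead of a manual null-route workflow, and the collateral damage a prefix-wide black hole does to tenants who were never the target), here is an added Python example that is not part of the article or of any vendor's product. The provider, its shared /24, the tenant names and the flow records are all constructed; the threshold is an arbitrary illustrative value.

```python
"""Added example, not part of the article: automatic detection of a
volumetric flood from per-destination traffic rates, then a comparison of
the collateral damage done by a prefix-wide null route against a block on
the attacked host alone. All addresses, tenants and flows are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical tenants sharing one public /24 at a hosting provider.
TENANTS = {
    "shop-a": ["198.51.100.10"],
    "blog-b": ["198.51.100.20", "198.51.100.21"],
    "api-c": ["198.51.100.30"],
    "gran-d": ["198.51.100.40"],
}
SHARED_PREFIX = ip_network("198.51.100.0/24")


def constructed_flows():
    """Constructed flow records (second, dst_ip, bytes): a ~0.5 Mbps
    baseline to every tenant host, plus a ~200 Mbps flood at api-c that
    starts in second 3 and does not stop."""
    flows = []
    for sec in range(10):
        for ips in TENANTS.values():
            for ip in ips:
                flows.append((sec, ip, 60_000))
        if sec >= 3:
            flows.append((sec, "198.51.100.30", 25_000_000))
    return flows


def rate_series(flows):
    """Map each destination to {second: inbound bits in that second}."""
    per_dst = defaultdict(lambda: defaultdict(int))
    for sec, dst, nbytes in flows:
        per_dst[dst][sec] += nbytes * 8
    return per_dst


def detect_volumetric(flows, threshold_bps=100_000_000, sustain=3):
    """Destinations whose inbound rate exceeded threshold_bps for `sustain`
    consecutive seconds. Requiring a sustained breach keeps an automatic
    response from firing on a single busy second."""
    targets = []
    for dst, series in rate_series(flows).items():
        run = 0
        for sec in sorted(series):
            run = run + 1 if series[sec] > threshold_bps else 0
            if run >= sustain:
                targets.append(dst)
                break
    return sorted(targets)


def tenants_hit_by_prefix_null_route(prefix=SHARED_PREFIX):
    """Tenants that lose service when the whole prefix is blackholed:
    everyone with an address inside it, attacked or not."""
    return sorted(t for t, ips in TENANTS.items()
                  if any(ip_address(ip) in prefix for ip in ips))


def tenants_hit_by_host_block(target_ip):
    """Tenants that lose service when only the attacked host is dropped."""
    return sorted(t for t, ips in TENANTS.items() if target_ip in ips)


def collateral_tenants(target_ip, prefix=SHARED_PREFIX):
    """Tenants the prefix null route takes down although they were never
    the target: the secondhand victims described above."""
    direct = set(tenants_hit_by_host_block(target_ip))
    return [t for t in tenants_hit_by_prefix_null_route(prefix)
            if t not in direct]


if __name__ == "__main__":
    for target in detect_volumetric(constructed_flows()):
        print(f"flood at {target}; a /24 null route would also drop "
              f"{collateral_tenants(target)}")
```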


MAC BOTNET uses REDDIT comments for directions

17,000 Macs compromised by malicious miscreants

A zombie network that feasts on the computer brains of infected Macs has press-ganged 17,000 compromised machines into its ranks, Russian anti-virus firm Dr Web warns.…


The History of DDoS Attacks as a Tool of Protest

Although the web is only a quarter of a century old, it already has a rich history as a platform for worldwide protest. One common tool used by online activists is the distributed denial of service attack, or DDoS: a technologically crude tactic that involves sending so many requests to a target website that it crashes. In recent years, politically motivated DDoS attacks have been launched on the websites of financial giants and local government departments. This year, websites affiliated with the football World Cup were brought down in protest against FIFA.

“DDoS has been around as an activist tactic probably since the early 90s,” Molly Sauter, a research affiliate at Harvard University’s Berkman Center for Internet and Society and doctoral student at McGill University, told me. Sauter is the author of the upcoming book The Coming Swarm: DDoS Actions, Hacktivism and Civil Disobedience, which details the history of the DDoS attack from an obscure, insular activity carried out by artists and intellectuals to a hallmark of 21st century protest.

The earliest example of a DDoS attack that Sauter found in her research was implemented by the Strano Network, an Italian collective that launched an attack in 1995 to protest against the French government’s nuclear policy. Back then, DDoS attacks were laborious, manual affairs, requiring participants to remain constantly at their computers. And because having an internet connection was relatively expensive, they couldn’t last for long. The attack in this case endured for only about an hour.

The next major milestone was the use of DDoS by the Electronic Disturbance Theater (EDT). Originating in the 90s, and attracting the attention of the media by the end of the decade, the hacktivist group described DDoS as akin to a “virtual sit-in.” One thing that separated them from their predecessors was their use of tools developed in-house, which allowed anyone outside of the organisation to join in. Their kit, called FloodNet, directed a user’s traffic to a target predetermined by the EDT, which included the websites of politicians and the White House. Those wishing to join the “sit-in” simply selected their target from a drop-down menu, clicked attack, and relaxed while FloodNet automatically bombarded the offending server.

The well-known hacker collective Anonymous took this idea of crowd-sourced activism further, and popularised the idea of voluntary botnets. Often used by criminals, a botnet is a large number of systems, all linked together, which give whoever is in charge of them a whole lot of processing power to wield. By using the hacker-designed software Low Orbit Ion Cannon, and its subsequent upgrades, participants could connect their computer to a vast network and have it donate resources to DDoS attacks. And that pretty much brings us up to today.

“DDoS is incredibly simplistic, at a purely technological level,” Sauter said. “While there might be individual innovations in ways of masking or multiplying traffic, it’s not actually going to get much more advanced than that.”

But it’s not just the technical details of DDoS that have mutated over the years. The scale of attacks using the device has developed, too. “Groups have become better at attracting, acknowledging and manipulating media coverage in order to attract more participants,” Sauter explained. While earlier groups just did their own thing, Anonymous managed to engage those outside of their immediate cohort more readily. With their iconic imagery, popular Twitter accounts and evocative videos, the media had a lot of material to work with. The press lacked any sort of official spokesperson for Anonymous to talk to. “So they just tended to reproduce these artifacts in media coverage, which did the work of recruitment for Anonymous,” Sauter observed. “Anonymous didn’t have to do a lot of ‘active’ outreach. That was being done for them.”

What actually constitutes a ‘successful’ DDoS attack has also changed. “In the 90s, you could sit in front of your computer with your friends, go to whitehouse.gov, click refresh a bunch of times, and you had a significant chance of the website crashing,” said Sauter. An industry has since emerged to offer protection from DDoS attacks, so crashing a major service today is rarer, though still possible with some serious fire-power. But there’s another way to measure the success of DDoS actions than just website downtime. Sauter explained that, when it comes to activism in general, “The logic of change is that you have an action, you get covered in the press, then politicians and the public react to the press coverage, not so much the action itself.” This overall impact is perhaps more important than how long a specific website is technically inaccessible. As Sauter said, “The question of what success means is fairly up in the air.”

Some argue that DDoS as a protest tool should be formally recognised as political speech, and enjoy the same free-speech protections as street marches, for example. Jay Leiderman, a criminal defense lawyer, has argued that DDoS is a first amendment issue in defence of the “PayPal 14,” a group of WikiLeaks supporters involved in a DDoS attack against the e-commerce business. Attorney Stanley Cohen, who represented one of the accused, described the act as an “electronic sit in,” and members of Anonymous also created a petition, pushing for politically motivated DDoS to be legalised.

But DDoS can of course also be used for much less sympathetic purposes. “The biggest problem that activist DDoS faces in terms of its fight for legitimacy is criminal DDoS,” said Sauter. “DDoS is a very popular tactic in terms of harassment, extortion and other criminality.” For example, botnets for DDoSing purposes are reportedly already being created to exploit the Shellshock bug, a recently revealed weakness in Linux and Unix operating systems.

Furthermore, Sauter suggested that online activism in general still isn’t really accepted because it remains an alien concept to many people. “Civil disobedience and other types of organised law breaking online are still considered very much fringe activities because there isn’t an understanding that civil disobedience is something that you can do on the internet,” Sauter said. “That I hope is something that will change, but it will take a legal challenge.”

But Sauter feels that political DDoS will continue to gain popularity when it comes to activism, and that it might even have something more to give. Whether it’s the Electronic Disturbance Theater protesting against neoliberalism, or Anonymous rising up to fight what they see as injustices, DDoS actions do not exist in a vacuum. Today, politically motivated DDoS is often part of a broader activist culture in the information age. Sauter suggested it could therefore introduce activists to other ideas, “such as information exfiltration, and leaking, and the construction of alternative infrastructures to replace the corporate-dominated and government-surveilled that are currently the main ways of socialising and communicating online.” In short, DDoS attacks in activist circles can be about more than just crashing a few servers.

Source: http://motherboard.vice.com/en_uk/read/history-of-the-ddos-attack


Spammer uses innocent hacked blogs to punt NAKED PICS of JLaw, McKayla Maroney

Gran’s knitting site etc sucked up into pr0n spam botnet

A long established smut spammer is using hacked websites to sell stolen photographs of naked celebrities including Jennifer Lawrence, Kate Upton and McKayla Maroney.…


DDoS Attacks Target Online Gaming Sites, Enterprises

DDoS traffic volume was up overall, with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps, according to NSFOCUS.

A continuing trend of distributed denial-of-service (DDoS) attacks that are short in duration and repeated frequently has been revealed by the NSFOCUS 2014 Mid-Year Threat report. In parallel, high-volume and high-rate DDoS attacks were on the upswing in the first half of 2014. DDoS traffic volume was up overall, with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps. In addition, findings showed that over 50 percent of DDoS attacks were above 0.2Mpps in the first half of 2014, up from around 16 percent. More than 2 percent of DDoS attacks were launched at a rate of over 3.2Mpps, according to the report.

“The DDoS attack is a relatively easy attack method to be employed with noticeable effects among other network attacks. When online service is stopped, the impact and damage it causes is very apparent and straightforward,” Xuhua Bao, senior researcher at NSFOCUS, told eWeek. “Attacks with high frequency make it hard for attack targets to respond instantly, increasing the difficulty of the defense level.”

The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packets per second (pps) hit at a volume of 23 million pps. More than 42 percent of attack victims were targeted multiple times, while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks.

“Today, DDoS attack methods have become highly instrumental and resourceable. When an attacker plans to launch a DDoS attack on a specific target, there are plenty of DDoS attack tools and resources available online to be purchased and used,” Bao said. “With the rise of hacktivism in recent years, DDoS attacks have become a means of protesting or expressing your own opinion, which is widely used by some hacker groups.”

The report revealed HTTP Flood, TCP Flood and DNS Flood were the top three attack types, together making up 84.6 percent of all attacks. DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially. More than 90 percent of attacks detected lasted less than 30 minutes, an ongoing trend the report said indicates that latency-sensitive websites, such as online gaming, e-commerce and hosting services, should be prepared to implement security solutions that support rapid response.

The survey also indicated an increase in Internet service providers (ISPs), enterprises and online gaming sites as targets. Attacks targeting ISPs increased by 87.2 percent, while attacks on enterprises jumped by 100.5 percent and online gaming by 60 percent.

“The online gaming industry has been a target of DDoS attacks and are mainly profit-driven. The nature of online gaming relies greatly on the Internet service and often there is a huge amount of money involved making them extremely sensitive to attacks,” Bao said. “When they are being attacked, there are obvious and direct economic losses, as well as the loss of the resources from players, which leads to malicious competition and extortion.”

Source: http://www.eweek.com/small-business/ddos-attacks-target-online-gaming-sites-enterprises.html


Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks

With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic. As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request. The shellshock attacks are being used to infect thousands of machines with malware designed to make them part of a botnet of computers that obey hackers’ commands. And in at least one case the hijacked machines are already launching distributed denial of service attacks that flood victims with junk traffic, according to security researchers.

The attack is simple enough that it allows even unskilled hackers to easily piece together existing code to take control of target machines, says Chris Wysopal, chief technology officer for the web security firm Veracode. “People are pulling out their old bot kit command and control software, and they can plug it right in with this new vulnerability,” he says. “There’s not a lot of development time here. People were compromising machines within an hour of yesterday’s announcement.”

Wysopal points to attackers who are using a shellshock exploit to install a simple Perl program found on the open source code site GitHub. With that program in place, a command and control server can send orders to the infected target using the instant messaging protocol IRC, telling it to scan other networked computers or flood them with attack traffic. “You install it on the server that you’re able to get remote command execution on and now you can control that machine,” says Wysopal.

The hackers behind another widespread exploit using the Bash bug didn’t even bother to write their own attack program. Instead, they rewrote a proof-of-concept script created by security researcher Robert David Graham on Wednesday that was designed to measure the extent of the problem. Instead of merely causing infected machines to send back a “ping” as in Graham’s script, however, the hackers’ rewrite installed malware that gave them a backdoor into victim machines. The exploit code politely includes a comment that reads “Thanks-Rob.”

The “Thanks-Rob” attack is more than a demonstration. The compromised machines are lobbing distributed denial of service attacks at three targets so far, according to researchers at Kaspersky Labs, though they haven’t yet identified those targets. The researchers at the Russian antivirus firm say they used a “honeypot” machine to examine the malware, locate its command and control server and intercept the DDoS commands it’s sending, but haven’t determined how many computers have already been infected.

Based on his own scanning before his tool’s code was repurposed by hackers, Graham estimates that thousands of machines have been caught up in the botnet. But millions may be vulnerable, he says. And the malware being installed on the target machines allows itself to be updated from a command and control server, so that it could be changed to scan for and infect other vulnerable machines, spreading far faster. Many in the security community fear that sort of “worm” is the inevitable result of the shellshock bug. “This is not simply a DDoS trojan,” says Kaspersky researcher Roel Schouwenberg. “It’s a backdoor, and you can definitely turn it into a worm.”

The only thing preventing hackers from creating that worm, says Schouwenberg, may be their desire to keep their attacks below the radar: too large a botnet might attract unwanted attention from the security community and law enforcement. “Attackers don’t always want to make these things into worms, because the spread becomes uncontrollable,” says Schouwenberg. “It generally makes more sense to ration this thing out rather than use it to melt the internet.”

The Bash bug, first discovered by security researcher Stéphane Chazelas and revealed Wednesday in an alert from the US Computer Emergency Readiness Team (CERT), still doesn’t have a fully working patch. On Thursday Linux software maker Red Hat warned that a patch initially released along with CERT’s alert can be circumvented. But Kaspersky’s Schouwenberg recommended that server administrators still implement the existing patch; while it’s not a complete cure for the shellshock problem, he says it does block the exploits he’s seen so far.

In the meantime, the security community is still bracing for the shellshock exploit to evolve into a fully self-replicating worm that would increase the volume of its infections exponentially. Veracode’s Chris Wysopal says it’s only a matter of time. “There’s no reason someone couldn’t modify this to scan for more bash bug servers and install itself,” Wysopal says. “That’s definitely going to happen.”

Source: http://www.wired.com/2014/09/hackers-already-using-shellshock-bug-create-botnets-ddos-attacks/
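The article describes the trigger only as "a carefully crafted series of characters in an HTTP request". For an administrator who wants to know whether their own servers were probed while the patch situation was unsettled, here is an added Python example, not part of the article or of any of the tools it names, that scans combined-format access logs for request header values beginning with the Bash function-definition prefix that affected versions parsed out of environment variables. The log lines, client addresses and timestamps are constructed, and the payloads in them are inert.

```python
"""Added example, not part of the article: a defender-side check of web
server access logs for the Bash trigger. Affected Bash versions parsed any
environment variable whose value began with a function definition, "() {",
and kept executing whatever followed the closing brace; web servers that
copy request headers into the environment (CGI does) are how an HTTP
request reaches Bash. All log lines below are constructed and inert."""
import re

# Combined log format: client, request line, status, size, referer, agent.
COMBINED = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# The function-definition prefix Bash looked for; whitespace between the
# tokens varies in scanner traffic, so match it loosely.
TRIGGER = re.compile(r"^\s*\(\s*\)\s*\{")

# Constructed access log lines (RFC 5737 test addresses, harmless commands).
SAMPLE_LOG = """\
203.0.113.5 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [25/Sep/2014:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 17 "-" "() { :; }; echo constructed-test"
203.0.113.9 - - [25/Sep/2014:10:00:03 +0000] "GET /cgi-bin/status HTTP/1.1" 200 17 "() { ignored; }; echo constructed-test" "curl/7.35.0"
203.0.113.11 - - [25/Sep/2014:10:00:04 +0000] "GET /about.html HTTP/1.1" 200 2048 "http://example.com/" "Mozilla/5.0 (Windows NT 6.1)"
"""


def header_is_trigger(value):
    """True when a header value starts with the Bash function-definition prefix."""
    return bool(TRIGGER.match(value))


def scan_log(text):
    """Return (client, field, value) for every request-supplied field in a
    combined-format log that begins with the trigger. Only the referer and
    user agent are recorded in this format; catching the same prefix in
    other headers needs a custom log format or a request-inspecting proxy."""
    hits = []
    for line in text.splitlines():
        m = COMBINED.match(line)
        if not m:
            continue
        for field in ("referer", "agent"):
            if header_is_trigger(m.group(field)):
                hits.append((m.group("client"), field, m.group(field)))
    return hits


if __name__ == "__main__":
    for client, field, value in scan_log(SAMPLE_LOG):
        print(f"{client}: suspicious {field} header: {value!r}")
```

A match means the request carried the trigger, not that the server executed it; correlate with whether the requested path is handled by a CGI or other Bash-invoking component, and with the patch level recorded for that host.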


Chain Radio Returns After A Massive DDoS Attack

Who’d have thought it would be such a chore to run a radio station? Chain Radio launched at the end of July, and since then they’ve dealt with some major issues. Namely, they’ve been the subject of DDoS attacks for weeks, but it really caught up with them in the last week. Rockstar, the head of Chain Radio, made a post on their page talking about what they’ve had to deal with in order to get their site up and running again, and the challenges they’ve faced:

“Unlike many other sites in the world of Bitcoin land we are operating a fleet of streaming servers which cannot be simply placed behind the protection of CloudFlare. When someone is attacking our servers we are in a constant state of battle blocking IP ranges, blocking specific IPs and trying to keep everything online.”

Nevertheless, Rockstar remained defiant in the face of adversity. “It costs us over a thousand dollars each month to keep this service online for our listeners and if the DDOS attacks continue it will likely cost even more,” he said. “That said, we are committed to seeing this project through and NOT letting a few jerks silence what we are doing and the community that we are creating.”

As to the identity of those “few jerks” and their motives, it remains unknown. As of this writing, Chain Radio is back up and running. They’re running a non-profit operation, relying largely on donations from the community. They’re taking donations to help offset the cost of the project through their website.

Source: http://thecoinfront.com/chain-radio-returns-after-a-massive-ddos-attack/
