Category Archives: DDoS News

The evolution of an Iranian hacker group

Iran-based hacker groups have traditionally concentrated more on website defacement and DDoS attacks aimed at making a political statement, but as time passes, some of those groups and their attack me…


Majority of UK firms unprepared for DDoS attacks, study finds

New research released by Neustar suggests that the majority of UK businesses are unprepared to cope with the threat of DDoS attacks. Distributed Denial of Service (DDoS) attacks are a common method of cyberattack used to disrupt online businesses. A DDoS attack uses compromised computer systems to attack a single target, sending traffic from multiple points of origin in a flow, which often overwhelms a system, causing it to deny authentic traffic access to services.

According to research released by Neustar, a third of UK businesses estimate losses of £240,000 per day when hit with DDoS attacks. After surveying 331 companies in the United Kingdom across numerous industries including financial services, technology, and the public sector, the analytics provider says larger DDoS attacks are becoming more frequent with a 200 percent increase in attacks affecting bandwidth between 1-20Gbps, in addition to a significant increase in attacks on bandwidth with a magnitude of 100Gbps or more.

Neustar’s report, “United Kingdom DDoS Attacks & Impact Report. 2014: The Danger Deepens,” also states that DDoS attacks are a “growing threat to organisations with potentially calamitous consequences for companies” without proper protection. Not only can DDoS attacks have an immediate impact on sales and business revenue, they can have long-lasting detrimental effects on brand value, customer trust, and public reputation.

Key findings from the survey include:

- DDoS attacks often disrupt multiple business units, with public-facing areas like call centres, customer service, and marketing absorbing over 40 percent of DDoS-attack related costs.
- Over 35 percent more UK companies were hit by DDoS attacks in 2013 compared with 2012.
- In 2013, there was an increased number of longer attacks, with 28 percent lasting up to two days or more.
- Once attacked, there is an estimated 69 percent chance of a repeat attack. While 31 percent of these companies were DDoS-attacked once, over 48 percent were targeted two to 10 times.
- In 2013, attacks requiring over six people to mitigate rose to 39 percent compared to 25 percent in 2012, a 56 percent increase.

In addition, Neustar’s research highlights an increase in a trend dubbed “smokescreening.” These types of DDoS attacks are used by cybercriminals in order to divert IT department attention while malware and viruses are inserted within a business network, with the overall aim of stealing valuable data or funds.

Rodney Joffe, Senior Vice President and Technology Fellow at Neustar commented:

Organisations must remain constantly vigilant and abreast of the latest threats. As an example, Neustar’s UltraDNS network suffered an attack just last week peaking at over 250Gbps — a massive attack by industry standards. Even with proper mitigations in place, the attack caused an upstream ripple. It is a constantly changing threat landscape.

In February, Web performance company CloudFlare reported the mitigation of a DDoS attack on a French website which reached a record-setting attack of at least 325Gbps, and a potential reach of 400Gbps.

Source: http://www.zdnet.com/majority-of-uk-firms-unprepared-for-ddos-attacks-study-finds-7000029178/


Infosecurity Europe: Are cybercriminals winning the security game?

One of the hot topics at the Infosecurity Europe show – held in London this week – is the scale and complexity of the latest attacks against corporates. Whilst several research operations and vendors competed with each other to come up with reports on how bad the attack landscape is at the moment, the real question that C level executives attending the event want to know is: how bad are the attacks really – and what can I do to defend against the threat?

According to Ian Pratt, the co-founder of Bromium Labs, the threats situation is potentially quite serious, as his research team has uncovered a new type of attack vector called the Kernel Kracker, which is what some experts call a layered attack. The attack exploits a vulnerability in the Windows operating system kernel and allows the attacker to gain admin/system level privileges on the host system, so allowing them to effectively peel away the various layers of security the company has installed.

Having said this, Pratt says that the use of multiple layers of security to protect an organisation’s IT resources is still a very viable defence approach, as, although no set of security layers is ever going to reach 100 percent protection, the use of multiple layers is still a lot better than the old single-suite option of yesteryear. “The underlying problem is that all commodity operating systems are now too big to protect in their entirety,” he said, adding that – as an example – Windows XP had more than 100 patches applied to it last year by Microsoft.

Against this backdrop, Pratt argues that the best solution is to create virtual instances of a given operating system environment, taking the concept of virtual machines to its logical conclusion. This means, he says, that even if the defences fail and an attack succeeds, its effects are severely limited to the privileges assigned to the given Web browser session. After the session on a given Web resource finishes, the virtual machine collapses the session and a fresh one is started for the set Web site. “You can let the exploit happen, and its effects are limited,” he explained, adding that he fully expects cybercriminals to come up with new attack vectors on a constant basis.

Will there ever come a time when it ceases to become viable for the cybercriminals to develop new attack vectors to attack corporate IT systems, we asked him. That time, he replied, is still a very long way off, as new methodologies will arrive all the time. “Over the last 18 months, it’s all been about Java. That is going to change, and you will see a new set of security threats being used,” he said.

Jag Bains, CTO of DOSArrest, agreed that the threat landscape will continue to evolve from its current mix of DDoS attacks and operating system-specific vectors. “Today you’re seeing customised Javascript DDoS attacks – I think this attack vector is going to continue to evolve, as hackers continue to have the motivation to attack a corporate system,” he explained.

David Gibson, vice president of Varonis Systems, agreed that cybercriminal attack vectors are evolving, but cautioned that the fundamental problem remains the volume of data to which users of IT systems have access. “We had a meeting with a client recently where users had the same levels of access rights [to data] as their high level management. As a result, we discovered that volumes of company data were being exfiltrated from the system, despite their use of multiple layers of security,” he said.

It’s against this backdrop, he told SCMagazineUK.com, that he fully expects attacks to evolve for the foreseeable future, but he adds that the inside attacker is likely to be the “next big thing” in the security attacks arena. “For this reason, I am of the opinion that companies must continue to develop the technical controls required to protect the data in their organisation, as well as evolving the security being used to defend the IT resource,” he concluded.

Source: http://www.scmagazineuk.com/infosecurity-europe-are-cybercriminals-winning-the-security-game/article/344740/


Boffins pen ‘Guide to better spamming’

Small, widely-dispersed botnets ought to do the trick

Ignoring the manual and keeping your ‘bot nimble are some of the tips a quartet of security researchers have recommended to help spam reach inboxes more effectively.…


Spike in DDoS attack size driven by NTP misuse

The beginning of 2014 saw 1.5 times the number of attacks over 20GB/sec, compared to the rest of 2013, according to new stats released by Arbor Networks today. At the Infosecurity Europe 2014, t…


Researcher reveals how Facebook Notes can be used to DDoS sites

A programmer has divulged how the Facebook Notes feature can be used to launch distributed denial-of-service (DDoS) attacks against websites. In a blog post this weekend, researcher Chaman Thapa said that the DDoS abuse is possible due to Facebook’s protocol of allowing HTML image tags in notes.

“Facebook Notes allows users to include <img> tags,” Thapa wrote in the Sunday blog post. “Whenever a <img> tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once, however, [and by] using random GET parameters the cache can be bypassed and the feature can be abused to cause a huge HTTP GET flood.”

By creating a list of unique image tags, and using m.facebook.com to create notes, Thapa was able to create several notes, which were each responsible for sending an influx of HTTP requests to the target server, he wrote. In only a couple of seconds, he was able to send thousands of GET requests to the designated server.

Thapa disclosed the issue to Facebook’s bug bounty program on March 3, but after being alerted to the issue, the company ultimately said that the attack scenario was “interesting/creative,” – but one the company didn’t intend to fix due to the logistics involved. Thapa posted the email correspondence with Facebook (which occurred April 11) in his blog post.

“In the end, the conclusion is that there’s no real way for us to fix this that would stop ‘attacks’ against small consumer grade sites without also significantly degrading the overall functionality,” Facebook told Thapa. “Unfortunately, so-called ‘won’t fix’ items aren’t eligible under the bug bounty program, so there won’t be a reward for this issue. I want to acknowledge, however, both that I think your proposed attack is interesting/creative and that you clearly put a lot of work into researching and reporting the issue last month. That IS appreciated and we do hope that you’ll continue to submit any future security issues you find to the Facebook bug bounty program.”

In a Friday email to SCMagazine.com, a Facebook spokesperson further explained the company’s decision on addressing the bug. “Ultimately, we decided against making changes to avoid disrupting intended and desirable functions,” the spokesperson wrote.

Via his blog, Thapa also revealed that similar DDoS abuse can be carried out using Google’s Feedfetcher tool. According to a Google support page, Feedfetcher allows Google to grab RSS or Atom feeds when users add them to their Google homepage or Google Reader.

Source: http://www.scmagazine.com/researcher-reveals-how-facebook-notes-can-be-used-to-ddos-sites/article/344271/


Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln

Javascript snafu turned 22,000 bods into unwitting DDoSers

Visitors to a video distribution website were unwittingly turned into participants in a hacker’s DDoS battle against a third-party site earlier this month.…


UK webhost 123-Reg in DDOS attack

Businesses using 123-Reg’s web hosting service were knocked offline on Wednesday evening following a reported distributed denial of service (DDoS) attack. 123-Reg is the UK’s largest domain provider hosting over 1.4 million websites. The company said it was hit by a DDoS style attack that caused disruption to some customers on its shared hosting packages. DDoS attacks typically use a botnet of computers in a co-ordinated attack, driving web traffic to a particular website. The attack appeared to cause patchy service for websites hosted by the company for several hours with many customers taking to Twitter to vent their frustration. UK games and mobile apps start-up Greedy Goblin Games (@GreedyGoblins) tweeted 123-Reg: “It appears your shared hosting servers are down. Can access FTP but not websites”. While IT consultant @thepaulturvey tweeted: “Is there a problem with 123-Reg shared hosting? Multiple sites not responding”. 123-Reg support staff told one UK website owner: “There has been a DDOS type of attack targeting a website from our shared hosting platform which unfortunately affected some of our customers. Our system administrators have contained the attack and the connectivity issues should shortly be resolved”. Update: I’ve received the following statement from 123-Reg confirming the attack. 123-Reg did experience a DDoS attack targeted against one particular customer domain. It was a sustained attack which we monitored closely over the course of several hours. The attack itself was from 823 different IP addresses globally. This resulted in denigrated service to our hosting platform, meaning some customer sites were running slower, but no sites were taken offline as a result of this attack. Customer impact measured in terms of support queries was minimal — and likewise our social platforms saw a handful of comments — which are being addressed on a one to one basis via our support teams. Source: http://betanews.com/2014/04/23/uk-webhost-123-reg-in-ddos-attack/


Blockchain.info Services Down Due to DDoS Attacks

A number of users have taken to social media to report issues with their Blockchain.info wallets on Monday. The reason, according to Blockchain, relates to what has been described as “higher than usual traffic volumes due to DDoS [distributed denial of service] attacks” on the company’s servers. At the time of writing, the website presents the following message: “Blockchain.info is currently down for maintenance. For status updates please see Twitter. Apologies for any inconvenience.”

The company took the opportunity to remind users that their wallets were safe, but made the suggestion that all users make backups upon full service restoration. Distributed denial of service attacks target one or more machines by bombarding them with information requests, slowing down services for legitimate users. DDoS attacks are almost commonplace against larger websites, often becoming a frequent occurrence.

Blockchain.info serves as the internet’s most popular bitcoin-related website. Growing tremendously fast, the service recently announced the creation of their 1.5 millionth wallet. Last week, it was announced that the company, led by Nic Cary, had signed a five-year deal to hold rights to the bitcoin.com domain name.

Source: http://newsbtc.com/2014/04/21/blockchain-info-services-due-ddos-attacks/
