NTP flaw used again, effects minimal Once again hackers are targeting content-delivery firm Cloudfare, and the company says this latest attack is its biggest yet, peaking at over 400Gbps of traffic.…
Read More:
Europe shrugs off largest DDoS attack yet, traffic tops 400Gbps
CloudFlare said that the attack was close to 400Gbps in size, making it bigger than last year’s DDoS attack against anti-spam outfit Spamhaus, which was measured at just over 300Gbps. Confidentiality stopped CloudFlare from revealing the identify of the customer under attack, and there were few details on how many other companies had been affected. The DDoS attack did, however, seem to pose a bigger threat on European networks, with French hosting outfit OVH later reporting that it had fended off a 350Gbps attack. It’s not known if the same attacker was responsible. Company CEO Matthew Prince responded to the news by saying on Twitter that “someone’s got a big, new cannon” and the attack was the “start of ugly things to come”. While the size of this attack is likely to draw the headlines, it’s worth noting that hackers carried out the DDoS attack by using NTP reflection and amplification techniques, which are increasing common for overwhelming target servers by sending more data packets than switches can support. The attack technique has been seen in relatively recent hacks against online gaming services like Steam, League of Legends and Battle and essentially aims to push big traffic to the target’s Network Timing Protocol (NTP) server. In this instance, attackers used NTP reflection to exploit a weakness in the UDP-based NTP, which connects to the Internet to synchronise clocks on machines. The hackers then spoofed the IP address of the target, and sent DNS queries to open DNS resolvers that will answer requests from anywhere. As a result, overwhelming levels of traffic were sent back to the NTP server. CloudFlare has a detailed blog post on NTP reflection attacks. Martin McKeay, senior security advocate at Akamai Technologies, told SCMagazineUK.com that this method of attack troubles unpatched DNS servers, and said that is attractive to attackers because it can reflect huge traffic back to the target. He added that it’s also favourable to the attacker because UTP is “easily spoofed” and because it’s hard for victims to see who is behind the intrusion. “The main reason for using NTP as an attack tool is that it increases traffic by 100 or 200 percent. It’s a great reflection index and makes for a very effective tool if you’re an attacker. “At 400Gbps, it’s conceivable that the attack is being run by a small botnet outputting 20Gbps to 30Gbps of traffic,” he added. McKeay, and other industry commentators, have advised IT administrators to patch and upgrade their NTP servers in light of this attack, although the Akamai exec admitted that some can assume that NTP servers are safe. “NTP servers are often stable and so haven’t often been looked at before. [IT departments] are having to now.” IT administrators are advised, in light of this attack, to patch and upgrade their NTP servers and to check management rights. Speaking recently to SCMagazineUK.com , Visiting Professor John Walker, of Nottingham Trent University, warned that DDoS attacks will continue to be a big threat in 2014, and added that, since company divisions struggle to get their heads around the issue, the firm itself struggles to establish an effective defence strategy. “Since they see the issue solely from their perspective, they cannot hope to develop an effective strategy to deal with this security problem,” he said at the time. A previously unknown division of the UK Government was recently accused of launching DDoS attacks against hactivisim groups such as Anonymous and LulzSec, while a report from the end of last year revealed that most UK companies ignore DDoS threats. Source: http://www.scmagazineuk.com/cloudflare-spots-largest-ever-ddos-attack/article/333480/
Follow this link:
Largest ever DDoS attack
Researcher allegedly blocked after he went public A security consultant who works for Telefonica has turned up a bug in how Snapchat handles authentication tokens, which enables a denial-of-service attack against users’ phones.…
Read More:
Snapchat bug lets hackers aim DENIAL of SERVICE attacks at YOUR MOBE
JTRIG active intelligence unit boasts of bugging and burgling At the start of this week, documents released by whistleblower Edward Snowden detailed DDOS attacks on chatrooms by a British online intelligence unit dubbed the Joint Threat Research Intelligence Group (JTRIG). Now he has released a new trove showing that JTRIG is about much more than purely online annoyances.…
View article:
Snowden documents show British digital spies use viruses and ‘honey traps’
Prolexic Technologies shared an analysis of nearly a dozen global DDoS attacks that indicates cyber attackers are using DDoS attacks in an attempt to influence market values and interfere with exchang…
Taken from:
DDoS attacks used to influence stock prices
Distributed denial-of-service (DDoS) attacks against mobile networks and data centers are increasing significantly: mobile DDoS attacks alone have more than doubled last year, with nearly a quarter of respondents in a new study indicating that they have seen attacks impacting their mobile Internet infrastructure. In addition, more than 70% operating data centers reported DDoS attacks over the last year, up dramatically from the year before. According to Arbor Networks’ 9th Annual Worldwide Infrastructure Security Report (WISR), more than a third of responding data centers experienced attacks that exceeded total available internet connectivity, nearly double from the previous year. Staggeringly, about 10% saw more than 100 attacks per month. The report also found that DNS infrastructure remains vulnerable. Just over one-third experienced customer-impacting DDoS attacks on DNS infrastructure – an increase of a quarter over the previous year. “Despite a really high-profile year for DNS amplification attacks, including the largest attack ever monitored (Spamhaus), there are still a significant number of open DNS resolvers out there within the survey base,” said Andrew Cockburn, consulting engineer for Arbor’s carrier group, in a blog. “Fully 20% of our respondents do not restrict recursive lookups, which when extrapolated to the entire base of DNS resolvers, makes for rich pickings among those that are interested in launching this kind of attack.” He added that after the Spamhaus attack, which was very well-publicized, Arbor saw a large number of copycat attacks in the months following. “And despite this, the number of open resolvers stayed pretty consistent with last year’s survey,” he said. “I think that the increase in lack of internal organizations with specific responsibility for DNS infrastructure is partly to blame. Without a targeted and holistic approach to security, such organizations have no way to connect the dots between their decisions to leave a resolver open, and the associated security risks.” The report found that more than a quarter of respondents indicated that there is no security group within their organizations with formal responsibility for DNS security, up 19% from the previous report. Also, there’s been a dramatic rise in DDoS attack size in general. In all previous years of the survey, the largest reported attack was 100Gbps. This year, attacks peaked at 309Gbps, and multiple respondents reported attacks larger than 100Gbps. “Last year we saw eight times the number of attacks over 20Gbps when compared to 2012,” said Darren Anstee, solutions architect for EMEA at Arbor. “In short, attackers seem to have re-focused on utilizing large volumetric attacks to achieve their goals and this illustrates why layered DDoS defense is such an important message. “ Meanwhile, internal network, advanced persistent threats (APTs) and ubiquitous application-layer attacks continue to be everyday reality for IT departments too. The proportion of respondents seeing APTs on their networks has increased from 22% to 30% year over year – and respondents ranked botted hosts as their No. 1 concern. “The other key aspect of the results this year, from my perspective, relates to internal network threats,” Anstee said. “Over half of respondents this year indicated that they had seen botted/compromised hosts and or APTs on their internal networks during the survey period. This clearly shows that threats are getting inside networks, either around or through perimeter defenses. Organizations need to augment their security postures so that they can identify suspicious or malicious activities wherever they might occur on their networks.” The report also found that application-layer attacks are now common, with nearly all respondents indicating they have seen them during this survey period. There has also been continued strong growth in application-layer attacks targeting encrypted web services (HTTPS): these are up 17% over the previous year’s report. Source: http://www.infosecurity-magazine.com/view/36687/ddos-surges-in-mobile-and-data-centers/
Read the article:
DDoS Surges in Mobile and Data Centers
With the Target and Neiman Marcus breach being all over the news in the last few weeks, the topic of malware that collects card data directly from Point-of-Sale devices has received renewed interest. …
Major US financial firms JP Morgan Chase and the Bank of America have been targeted by a distributed denial of service (DDoS) attack, according to one hacktivist group. The European Cyber Army has claimed it waged the attack that disrupted online services for customers of the companies between 10:30am and 2:30pm on Tuesday (28 January). It is the latest in a long line of DDoS attacks that the group has admitted to, with the federal court system one organisation recently impacted. Reports suggest the group have also been responsible for disruptive online attacks in Asia, the Middle East and Europe. Both the Bank of America and JP Morgan Chase has refused to comment on the attack, but customers took to Twitter to complain about the outage to online services. Several executives at organisations that track DDoS activity confirm they saw indications two leading US banks were hit on Tuesday. The news of the DDoS attacks comes as Aleksandr Panin, the Russian programmer who created the SpyEye bank hacking tool, was successfully prosected in the US. Source: http://www.bobsguide.com/guide/news/2014/Jan/30/jp-morgan-chase-and-bank-of-america-targets-for-ddos-attacks.html
View post:
JP Morgan Chase and Bank of America targets for DDoS attacks
FBI went down to Georgia Russian national Aleksandr Andreevich Panin has pleaded guilty to charges of banking and wire fraud for his role in developing the SpyEye Trojan, which used botnets of enslaved computers to harvest financial credentials from internet users around the world.…
See more here:
Russian SpyEye author pleads guilty to starting malware onslaught
Controversial right wing website, Whaleoil, has been taken offline by a cyber attack and its editor has received death threats after he labelled a West Coast man killed in a car crash “feral”. A denial of service (DOS) attack started last night, temporarily disabling the blog, and continued today, the website left completely unavailable since 8am. “We are pretty certain it is from New Zealand. We are also pretty certain, due to the fact that they are skiting about it on Facebook, that it is these ferals on the West Coast,” Whaleoil’s editor Cameron Slater said. A DOS attack is intended to block a website from its intended users by overloading the site with requests so it cannot be visited by legitimate traffic. Slater has also received numerous death threats in text messages and on Facebook after a blog in which he described Westcoast man Judd Hall who died on Saturday as a “feral” was reportered in the Greymouth Star. “They are pretty hot under the collar. I wrote a post about that munter who died smacking into that house and a Greymouth Star journalist beat it all up and that set them off in their feral ways,” Slater said. He posted one of the text message threats to his Facebook page that said “we are coming for you” and “we know where you live.” There have been around 250 Facebook messages “imploring me to kill myself or that they are going to come round and kill me in lots of different manners,” Slater said. The threats have been reported to police. It was initially believed that the DOS attack was from the sub-continent after another blog on the site revealed India web traffic to the news site Scoop. “Now with the gloating that is going on from the West Coast ferals we are pretty certain it is them that are involved in it,” Slater said. The website should be back online shortly but the DOS attack has left Slater without a large amount of advertising income. “I don’t discuss my revenues. It is basically a day and a half of revenue,” he said. A DOS attack is illegal under the Crimes Act and is punishable with up to seven years in prison. Source: http://www.stuff.co.nz/technology/digital-living/30013080/whaleoil-down-due-to-dos-attack
See more here:
Whaleoil down due to DDOS attack