Junk traffic mostly floods in from botnets DDoS traffic has more than trebled since the start of 2013, according to a new study released on Thursday that fingers zombie networks as the primary source of junk traffic that can be used to flood websites.…
More here:
When ZOMBIES attack: DDoS traffic triples as 20Gbps becomes the new normal
NSFOCUS released its DDoS Threat Report 2013, which details attack trends and methodologies over the past year. The report includes statistical analysis and key observations based on 244,703 DDoS inci…
Read this article:
Analysis of 244,703 DDoS incidents
Huobi, claimed to be the world’s largest Bitcoin exchange by volume, appears to be down due to “maintenance” to fend off “a large number of DDOS attacks”. The homepage immediately redirects to the warning. Trading and all site functions are unavailable. The warning states that all should return to normal by 15:00. As of 17:00 China Standard Time (CST), the site is still down. Bitcoin (BTC) remains at 3475 yuan on Huobi, or $558, diverging from the $565 found on other major exchanges. For Huobi, the last week has been one of when it rains, it pours. Earlier last week, they launched Litecoin trading. Litecoin prices underwent an enormous boom and bust in span of 48 hours as hype quickly built up in anticipation for LTC’s addition to Huobi, followed by its crash back to earth. On Friday, Bitcoin on Huobi took a reverse course: it crashed by 14% from 3700 to 3200, only to immediately reverse course almost all the way back to par. On OKCoin, BTC swung by double the magnitude, bottoming at 2653, or a loss of 30%. The “flash crash” seemed to have resulted from a rumor on Weibo that China’s central bank issued a document asking all Bitcoin transactions to cease by April 15. The Weibo was forwarded to Sino Financial Report, one of the biggest news agencies in China, without confirmation, and from there to a large number of readers. The Sina news feed was later edited to have a vaguer tone and then removed altogether. So rapid was the rumor and its “retraction” that USD-based exchanges barely had time to react at all, with BTC-e and Bitstamp losing no more than 7% during the period. Since the event, Bitcoin prices have followed a gradual downtrend, trading well below $600, their lowest levels since MtGox’s was becoming a reality. The “flash crash” is reminiscent to the one observed in equity markets on May 6, 2010, when the Dow Jones Industrial Average crashed by over 1000 points (9%) and recovered in a matter of minutes. There, an abnormally large sell order triggered a sell-off exaggerated by high frequency traders looking to capitalize. It has not been confirmed if the flash crash and today’s outage are linked in any way. In theory, one can speculate that the abnormally high volume and severe price movements exposed a vulnerability to potential hackers not previously observed. Source: http://www.dcmagnates.com/huobi-site-down-as-it-fends-against-ddos-attacks/
See original article:
Huobi Site Down as It Fends Against DDOS Attacks
Since March 3 — and perhaps as far back as Feb. 26 — Verizon customers in Westboro and Northboro had been experiencing regular and constant interruptions to their Internet and phone service. Dozens of Westboro residents have discussed the service outages on Facebook (and offer sharp-tongued critiques of Verizon’s response), and six have filed complaints with the state Office of Consumer Affairs and Business Regulation. The disruptions, according to Verizon spokesman Philip G. Santoro, were caused by repeated cyberattacks on one residential customer in Westboro. The cyberattack is called a dynamic denial of service, a DDOS or DOS. In an email, Mr. Santoro described the attack thusly: “Someone deliberately flooded that customer with an overwhelming amount of traffic that rendered their Internet service inoperable.” “When that happened, it caused Internet service to periodically slow down for other customers in Westborough,” he wrote. “We are working to restore service to normal as soon as possible. DOS attacks are all too common today among customers of all Internet providers. It’s important to remind Internet users to keep their firewalls operating and to keep their security software current.” Interestingly, though, when I first asked Mr. Santoro about this, he said there were no widespread outages reported. I think that is because there was nothing physically wrong with the FiOS lines — no technical problems, no trees on the line, etc. At Verizon, the lines were all reported to be working as normal. But customers were calling in complaints and opening repair tickets left and right. The state logs the complaints and passes them on to the service provider, in this case Verizon, said Jayda Leder-Luis, communications coordinator for the Office of Consumer Affairs and Business Regulation. “DOS is a cybersecurity issue, one that can affect voice services that rely on access to the Internet (like VOIP),” she wrote in an email, referring to Voice Over Internet Protocol, in which phone service is provided through an Internet connection. “Those were the kinds of complaints we were receiving.” For dozens of residential and business customers in Westboro and Northboro, the interruptions were frustrating. “It happened around 3 o’clock, every day,” said Allen Falcon, chief executive officer for Cumulus Global, a cloud computing company in Westboro. “Sometimes it was a few minutes, sometimes 45 minutes to an hour.” A few times, the interruptions occurred in the morning, just after 9 a.m., he said. Since the company’s phone service and Internet connection runs through a FiOS line provided by Verizon, when the FiOS line goes out, customers lose both phone and Internet. “For us, it’s incredibly embarrassing as a technology company, to lose our service like this,” he said. “We’re talking to someone and the phone lines goes down, the Internet goes down.” The company has workarounds, in which the office can switch its Internet and phone service to a 4G service provided by their cellphones. “But it’s slower performing and more expensive,” he said. “Some days, around 3 p.m., we have to consider, ‘Should we switch, just in case?’ “ Several customers reported that Verizon had a lot of trouble pinpointing the cause of the interruptions, and several of them had Verizon technicians visit their homes and replace their routers. Since the cause was later determined to be this DOS cyberattack, replacing their routers looks like, in hindsight, a waste of time and money. Steve Winer, a Westboro resident, said Verizon installed a new router at his home, but it made no difference. The outages continued. “I am just wondering how much time and money was wasted on this,” he wrote in an email. “I know I spent at least a couple of hours on the phone, and others shared similar stories. But, if you add up all the shipped routers and unnecessary service calls, along with the time both of us customers and (Verizon) personnel, I am sure it really adds up, and could have been avoided if someone had simply put two and two together and posted a chronic outage which began in February.” On Tuesday, Verizon apparently pinpointed the exact Internet Protocol address of the Verizon customer being attacked, and shut down the customer’s FiOS service. The slowdowns and service interruptions have stopped. Let’s hope they never return. Source: http://www.telegram.com/article/20140323/COLUMN73/303239976/1002/business
View the original here:
Westboro, Northboro Verizon service hit by DDoS attack
A massive worldwide effort is under way to harden the net’s clocks against hack attacks. The last few months have seen an “explosion” in the number of attacks abusing unprotected time servers, said security company Arbor. Unprotected network time servers can be used to swamp target computers with huge amounts of data. About 93% of all the vulnerable servers are now believed to have been patched against attacks. ‘Appropriate’ use The attack that paved the way for the rapid rise was carried out by the Derp Trolling hacker group and was aimed at servers for the popular online game League of Legends, said Darren Anstee, a network architect at net monitoring firm Arbor. That attack took advantage of weaknesses in older versions of the software underlying the network time protocol (NTP). Known as an “NTP reflection” attack, it used several thousand poorly configured computers handling NTP requests to send data to the League of Legend servers. Around the world about 1.6 million NTP servers were thought to be vulnerable to abuse by attackers, said Harlan Stenn from the Network Time Foundation that helped co-ordinate action to harden servers. Precise timings are very important to the steady running of the net and many of the services, such as email and e-commerce, that sit on it. Early 2014 saw the start of an Open NTP initiative that tried to alert people running time servers to the potential for abuse, Mr Stenn told the BBC. Now, he said, more than 93% of those vulnerable servers had been updated. However, he said, this did leave more than 97,000 still open to abuse. Arbor estimates that it would take 5,000-7,000 NTP servers to mount an overwhelming attack. The feature that attackers had exploited had been known for a long time in the net time community and was not a problem as long as those servers were used “appropriately”, he said. “This was before spammers, and well before the crackers started using viruses and malware to build bot armies for spamming, phishing, or DDoS attacks,” he said. Distributed Denial of Service (DDoS) attacks are those that try to shut servers down by overwhelming them with data. The success of the Derp Trolling attack prompted a lot of copycat activity, said Mr Anstee from Arbor. “Since that event it’s gone a bit nuts to an extent and that tends to happen in the attack world when one particular group succeeds,” he said. “We’ve seen an explosion in NTP reflection activity.” NTP reflection attacks can generate hundreds of gigabits of traffic every second, said Mr Anstee, completely overwhelming any server they are aimed at. The copycat attacks have fed into a spike in the number of “large events”, mainly DDoS attacks, that Arbor sees hitting the net, he said. “Historically we used to see a couple of hundred gigabit events every year,” said Mr Anstee. “In February 2014 we tracked 43.” Source: http://www.bbc.com/news/technology-26662051
Here's an overview of some of last week's most interesting news, podcasts, videos, interviews and articles: Latvia establishes a Cyber Defence Unit The newly established unit is part of the volu…
See the original article here:
Week in review: Target breach reaction fail, WordPress sites exploited in DDoS attack
A number of NATO websites have been hit by cyber attacks, but they have had no impact on the military alliance’s operations, a NATO spokeswoman said. The attacks, which affected NATO’s main website, came amid rising tensions over Russian forces’ occupation of Ukraine’s Crimea region where a referendum is to be held on Sunday. NATO spokeswoman Oana Lungescu said on Twitter that several NATO websites have been the target of a “significant DDoS (denial of service) attack.” She said there had been no operational impact and NATO experts were working to restore normal function. Source: http://www.itv.com/news/update/2014-03-16/several-nato-websites-hit-by-ddoscyber-attacks/
View original post here:
NATO websites hit by cyber attacks
Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks. More than 160,000 legitimate WordPress sites were abused to run a large HTTP-based (layer 7) distributed flood attack against a target, which called in cloud security firm Sucuri for help. Security experts discovered that the attack traffic was coming from WordPress sites with pingbacks enabled on blog posts, which is on by default. Pingbacks allow automatic backlinks to be created when other websites link to a page on a WordPress blog. The problem can be fixed by installing a simple plugin, as explained by Sucuri CTO and OSSEC Founder Daniel Cid in a blog post. “Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites,” Cid explains. “Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you’re likely very fond of. But, it can also be heavily misused.” Sean Power, security operations manager for DOSarrest, a DDoS mitigation technology services firm, said the attack relied on exploiting vulnerabilities in old versions of WordPress. This type of issue has been known about since 2007 and the specific problem abused in the latest run of attacks was fixed more than a year ago in a WordPress core release in January 2013. “Attackers exploited a vulnerability in the core WordPress application and therefore it could be used for malicious purposes in DDoS attacks,” Power explained. “The fix for this feature was actually released in the 3.5.1 version of WordPress in January 2013 and would be picked up by most good vulnerability scanners. “This is a prime example of how users aren’t regularly performing updates to their websites, because if they were, we wouldn’t still be seeing DDoS attacks being carried out by websites taking advantage of this old flaw,” Power added. WordPress is an open source blogging platform and content management system (CMS) that’s used by millions of websites across the interwebs. Source: http://www.theregister.co.uk/2014/03/12/wordpress_vuln_creates_botnet_army/
View the original here:
WordPress USED AS ZOMBIE in DDoS attacks
It’s an attack vector that’s been around ever since the Internet became a valuable business tool. Distributed Denial of Service, of DDoS, attacks are still one of the most prevalent threats facing businesses today. There are reports suggesting that DDoS attacks are on the rise and that the Internet’s DNS infrastructure – critical for the operation of the Internet – remains vulnerable and a significant target. Jag Bains, the CTO at DOSarrest Internet Security, spoke to us about DDoS attacks and what can be done to mitigate their impact. When we spoke with Michael McKinnon from AVG at the Tech Leaders forum in Queensland earlier this year, he said “So much damage is being done, for example, through spoof traffic. If most major network providers were responsible enough to stop traffic from leaving their networks that they knew were coming from IP addresses they weren’t responsible for then we would have spoof traffic on the Internet and cut down networks responsible for this kind of damage”. I asked Bains what could be done to prevent DDoS attacks from being a viable attack vector and whether there was a benefit for network operators to not block the attacks. “They’re not doing it from a revenue opportunity. One guy’s server is compromised for a few days and it flips out a huge bill. But, it’s too much of a headache [for telcos] to make it a revenue stream’” said Bains. “The big guns behind some of these attacks are occurring out of data centres that have compromised servers or hosting networks with compromised servers,” he added. Although it is possible to block spoof packets coming from a network, this would not be as straightforward as it sounds. Bains suggested that there would be significant cost. “It comes at a CPU cost to your routers. You’re dealing with high traffic volumes that might create a different type of bottleneck,” said Bains. I challenged Bains on this, noting that Moore’s Law will take this year’s bottleneck and make it insignificant in a short time. In fact, if we’d taken action like this against DDoS attacks a decade ago there would be little need to suffer these attacks. “Let’s say we did that and it might help to stem these tidal wave attacks. But that doesn’t mean DDoS would have been thwarted. One of the most interesting things in the DDoS arena is the rise of application attacks coming from legitimate sources,” he said. As well as their use to cripple companies and use as a form of ransomware – it’s not unknown for gambling operators in unregulated markets to use DDoS attacks to either cripple or ransom their competition – they can be used to manipulate financial markets. According to Bains the recent Mount Gox attack, that resulted in losses of hundreds of millions of dollars of Bitcoin, was at least partly a DDoS attack. “Hammering the exchange affected stability. Prices lowered and couldn’t come back up and they were using it to influence the peaks and troughs,” he said. “It’s a tool that’s crude in its intentions but highly effective”. Bains’ company, DOSarrest claims to have a solution. Their software can shift the traffic from a DDoS attack to a server environment that is specifically designed to deal with the attack. “All users have to do is change their DNS record to point to one of our IPs. We’re able to take the DOS attack out of hosting the network, bring it to a topology or infrastructure that is groomed specifically for that only”. What’s clear is that DDoS attacks are here to stay and that there is no silver bullet that will prevent their occurrence. However, it is possible to mitigate the damage they can do. Source: http://www.cso.com.au/article/540163/ddos_attacks_still_significant_threat/?fp=4&fpid=959105
View the original here:
DDoS Attacks Still a Significant Threat
Mt. Gox K.K., the collapsed trading platform for the bitcoin digital currency, came under so-called distributed denial of service (DDoS) attacks aimed at shutting its servers by overloading them with massive volumes of data in early February, it has been learned. Also between February and earlier this month, bitcoin exchanges in Canada and Slovenia were hit by similar attacks, indicating such cyber-attacks have been launched on a global scale. According to sources, the Tokyo-based Mt. Gox was struck by cyber-attacks aimed at stealing bitcoins beginning Feb. 7 by exploiting security shortfalls in its system. Separately, it came under major DDoS attacks, with the system accessed 150,000 times per second. The attacks mostly from servers in the United States and Europe continued for several days. The company suspended bitcoin withdrawals on Feb. 10. DDoS attacks often hijack a large number of computers with viruses. According to the sources, perpetrators often launch such attacks to steal data when a company tries to mend defects in its system. Although the DDoS attacks failed to shut down Mt. Gox’s system, subsequent attacks targeted flaws in its system, stealing a massive amount of bitcoins. In mid-February, a Slovenian bitcoin exchange temporarily suspended trading due to a system glitch caused by cyber-attacks. A Canadian bitcoin exchange announced that it has lost 896 bitcoins, the equivalent of ¥60 million, due to cyber-attacks, while another exchange reported that more than 12 percent of its bitcoin holdings was stolen. “[The attacks] are probably launched by multiple hackers who want to boast they broke into the bitcoin systems,” said Tetsutaro Uehara, a professor of information security at Ritsumeikan University. “DDoS attacks can be done without high-level hacking techniques. It is possible that copycats turned their eyes on other exchanges after weaknesses in Mt. Gox’s system were found.” One week after Mt. Gox filed for bankruptcy protection, the bitcoin community is still puzzled over what exactly caused the company to go under. What are believed to be in-house documents of Mt. Gox, including a draft detailing the purported theft, are circulating on the Internet. Around Feb. 25, before the company suspended business, English documents titled “Crisis Strategy Draft” reporting 744,408 bitcoins had been stolen were posted on the Internet. The damage was almost the same as the figure cited by the company when it collapsed. Earlier this month, a self-proclaimed Russian hacker posted audio recordings of alleged conversations between Mt. Gox Chief Executive Officer Mark Karpeles and a Japanese megabank official, who urged him to close the company’s account in the bank. According to sources, the recordings are believed to be genuine. The “Russian hacker” also posted the design chart of the Mt. Gox computer system. A ‘genuine geek’ Source: http://the-japan-news.com/news/article/0001103726