Polish crims demanded 50% of gambling biz, on pain of firm-killing cyber attacks A pair of cyber-extortionists who attempted to blackmail a Manchester-based online casino with threats of unleashing a debilitating denial of service attack have been jailed for five years and four months.…
See more here:
Casino DDoS duo caged for five years after blackmail buyout threat
Reports claim revenge attack after digi-currency restrictions Angry Bitcoin users are suspected of DDoS-ing the website of China’s central bank following tough new restrictions it levied this week which appear to have forced the world’s biggest Bitcoin exchange into meltdown.…
See the original article here:
China’s central bank hit by DDoS after Bitcoin blitz
Computer systems, in many peoples’ eyes, are there to be hacked — and that means fraudsters are always working on new ways to exploit vulnerabilities. So what does 2014 have in store? Here are seven security predictions for the New Year. DDoS Attacks Get Sneaky DDoS attackers will go from simple volumetric attacks to ones which take advantage of a site’s specific performance characteristics. That’s the prediction of security researchers at Neohapsis, a security and risk management consulting company. DDoS attacks that intelligently target bottlenecks in performance, such as pages with a high server load (like database writes) or specific network bottlenecks (like login and session management), can magnify the impact over attacks which are simply volume-based and request the homepage of a site. So it’s likely that we will begin to see the spread of tools which profile specific targets. The result? DDoS attacks that have more impact, and involve less network traffic, than the ones enterprises have become accustomed to mitigating against. Insider Threats Remain Major Security Problem According to a CyberSecurity Watch survey insiders were found to be the cause in 21 percent of security breaches, and a further 21 percent may have been due to the actions of insiders. More than half of respondents to another recent survey said it’s more difficult today to detect and prevent insider attacks than it was in 2011, and 53 percent were increasing their security budgets in response to insider threats. While a significant number of breaches are caused by malicious or disgruntled employees – or former employees – many are caused by well-meaning employees who are simply trying to do their job. BYOD programs and file sharing and collaboration services like Dropbox mean that it will be harder than ever to keep corporate data under corporate control in the face of these well-meaning but irresponsible employees. Defending against insider threats requires a multi-layered use of technological controls, including system-wide use of data encryption and establishment of policies stressing prevention of data loss. Security Worries Drive Cloud Consolidation Organizations will look to buy more solutions from a single vendor and demand greater integration between solutions to automate security, according to Eric Chiu, president of HyTrust, a cloud security company. The fact that securing cloud environments is very different from securing traditional physical environments will drive greater consolidation in the market, he says. Legacy Systems Cause More Security Headaches The spate of IT failures in banks and other high profile companies highlights a simple fact: Many of them are running legacy systems which are so old and out of date that they are becoming almost impossible to maintain. That’s because there are few people with the skills and expert knowledge that would be needed to run them securely – even if they were updated to eliminate know vulnerabilities, which they frequently are not. They often aren’t updated because no-one knows what impact that would have. It’s inevitable that we’ll see hackers going after such systems, exploiting vulnerabilities that can’t easily be fixed. Encryption Will Be Revisited In the wake of revelations about the NSA, many companies are realizing that encryption many be the only thing that is protecting their data, and it may not be as strong as they imagined. What’s more, if hackers are led to believe there is a weakness in a particular system – either accidental or intentional – they will pound on it until they find it. As a result, many companies will look to improve the way they use encryption. Look for particular attention to be paid to cryptographic block modes like CBC and OFB, and authenticated modes like EAX, CCM and GCM, advise the experts at Neohapsis. In addition to the encryption methods themselves, look for insights and innovations around key management and forward security. ‘Stuxnets’ Become More Common State-sponsored malware like Stuxnet – which is widely attributed to the United States, Israel or both – has proved to be far more sophisticated and effective than anything that a couple of hackers can develop. Expect more of this type of malware from the likes of China, Russia, Iran, India, Brazil and Pakistan. It’s probably already out there, even if it hasn’t yet been detected. 2014 could be the year that its prevalence becomes apparent. Bitcoin Drives New Malware The Bitcoin virtual currency is growing in popularity with legitimate businesses, and that’s likely to continue. That’s because Bitcoin payments offer significant attractions: They are quick and cheap, and there is no possibility of a chargeback. But Bitcoin wallets make attractive targets for criminals, because stolen coins can be cashed out instantly, without a middleman or launderer taking a cut. And many Bitcoin users are relatively unsophisticated, protecting their wallets with very little security. So expect Trojans and other malware that specifically look for and target Bitcoin stashes, as well as ransomware that demands Bitcoins in return for decrypting data. Source: http://www.esecurityplanet.com/network-security/7-security-trends-to-expect-in-2014.html
View article:
7 Security Trends to Expect in 2014
Attackers are compromising Linux and Windows systems to install a new malware program designed for launching distributed denial-of-service (DDoS) attacks, according to researchers from the Polish Computer Emergency Response Team (CERT Polska). Attackers are compromising Linux and Windows systems to install a new malware program designed for launching distributed denial-of-service (DDoS) attacks, according to researchers from the Polish Computer Emergency Response Team (CERT Polska). The malware was found by the Polish CERT at the beginning of December and the Linux version is being deployed following successful dictionary-based password guessing attacks against the SSH (Secure Shell) service. This means only systems that allow remote SSH access from the Internet and have accounts with weak passwords are at risk of being compromised by attackers distributing this malware. “We were able to obtain a 32-bit, statically linked, ELF file,” the Polish CERT researchers said Monday in a blog post. The executable runs in daemon mode and connects to a command-and-control (C&C) server using a hard-coded IP (Internet Protocol) address and port, they said. When first run, the malware sends operating system information — the output of the uname command — back to the C&C server and waits for instructions. “From the analysis we were able to determine that there are four types of attack possible, each of them a DDoS attack on the defined target,” the researchers said. “One of the possibilities is the DNS Amplification attack, in which a request, containing 256 random or previously defined queries, is sent to a DNS server. There are also other, unimplemented functions, which probably are meant to utilize the HTTP protocol in order to perform a DDoS attack.” While executing an attack, the malware provides information back to the C&C server about the running task, the CPU speed, system load and network connection speed. A variant of the DDoS malware also exists for Windows systems where it is installed as “C:Program FilesDbProtectSupportsvchost.exe” and is set up to run as a service on system start-up. Unlike the Linux version, the Windows variant connects to the C&C server using a domain name, not an IP address, and communicates on a different port, according to the Polish CERT analysis. However, the same C&C server was used by both the Linux and Windows variants, leading the Polish CERT researchers to conclude that they were created by the same group. Since this malware was designed almost exclusively for DDoS attacks, the attackers behind it are likely interested in compromising computers with significant network bandwidth at their disposal, like servers. “This also probably is the reason why there are two versions of the bot — Linux operating systems are a popular choice for server machines,” the researchers said. However, this is not the only malware program designed for Linux that was identified recently. A security researcher from the George Washington University, Andre DiMino, recently found and analyzed a malicious bot written in Perl after allowing attackers to compromise one of his honeypot Linux systems. The attackers were trying to exploit an old PHP vulnerability, so DiMino intentionally configured his system to be vulnerable so he could track their intentions. The vulnerability is known as CVE-2012-1823 and was patched in PHP 5.4.3 and PHP 5.3.13 in May 2012, suggesting the attack targeted neglected servers whose PHP installations haven’t been updated in a long time. After allowing his honeypot system to be compromised, DiMino saw attackers deploy malware written in Perl that connected to an Internet Relay Chat (IRC) server used by attackers for command and control. The bot then downloaded local privilege escalation exploits and a script used to perform Bitcoin and Primecoin mining — an operation that uses computing power to generate virtual currency. “Most servers that are injected with these various scripts are then used for a variety of tasks, including DDoS, vulnerability scanning, and exploiting,” DiMino said Tuesday in a blog post that provides a detailed analysis of the attack. “The mining of virtual currency is now often seen running in the background during the attacker’s ‘downtime’.” DiMino’s report comes after researchers from security vendor Symantec warned in November that the same PHP vulnerability was being exploited by a new Linux worm. The Symantec researchers found versions of the worm not only for x86 Linux PCs, but also for Linux systems with the ARM, PPC, MIPS and MIPSEL architectures. This led them to conclude that the attackers behind the worm were also targeting home routers, IP cameras, set-top boxes and other embedded systems with Linux-based firmware. Source: http://news.idg.no/cw/art.cfm?id=41695C7E-ED43-55A5-51306549A5A0A129
Read More:
New DDoS malware targets Linux and Windows systems
Maintaining top-of-the-line server performance is a delicate balancing act between power consumption, user accessibility and a variety of other factors both physical and abstract that can affect how well employees do their jobs or how quickly and effectively IT-related tasks are accomplished. Yet in many cases, even the most stringent attempts to keep the data center operating without issue can run afoul due to external forces. In the past, distributed-denial-of-service (DDoS) attacks were a small fraction of the reasons that businesses experienced outages in their IT infrastructure. However, recent findings from the Ponemon Institute reveal that they now account for 18 percent of these problems. This is up from only 2 percent in 2010, when Ponemon last studied the phenomenon. Data centers get caught in the cross-fire Often enough, these attacks are not even targeting data centers, 451 Research analyst Eric Hanselman told Network Computing. Rather, hackers are attempting to shut down the applications hosted in the IT infrastructure, and the servers become collateral damage in the process. Furthermore, due to the heightened sophistication of DDoS attacks, which are now both faster and more effective due to the amount of traffic that can be generated, these assaults are even harder to stop or recover from than ever. “It appears that these attacks are much more frequent and more difficult to contain than other root causes of data center outages,” Larry Ponemon, founder of the privacy and security think tank that bears his name, said in an email interview with Network Computing. Preventative measures begin with server monitoring Due to the problems associated with these attacks, decision-makers should try and stop them as early as possible. Noticing suspicious activity before it causes an outage can help immensely, but that requires businesses to implement server monitoring tools that can notice suspicious activity such as an uptick in traffic. “The most surprising factor was the lack of readiness or preparedness of companies,” Ponemon told Network Computing. “In general, we found several companies completely unprepared to deal with this type of outage event.” The high cost of a DDoS-based outage Those companies that fail to prevent or ready themselves for a DDoS-based outage may find themselves paying $822,000 on average to deal with the problem, second only to the average cost of outages caused by equipment failure ($959,000), according to Network Computing. This is more than double the expense of dealing with problems originating with human error, which typically only amount to $380,000. These costs relate to lost work time, reduced revenue and the repairs themselves, though overall business disruption amounts to 80 percent of the expenses. While an outage may not be quite as expensive to a smaller business, one could cause relatively similar amounts of damage, and all companies should be ready to quickly get back on their feet after these types of incidents. “The cost of unplanned downtime – whether it is the entire data center or one rack of servers – can be a huge unplanned cost for most organizations,” Ponemon told Network Computing. While Ponemon noted that businesses should expect a data center outage at some point, companies should still strive to minimize the possibility of a breach or attack. Putting in the proper safeguards and having a robust disaster recovery plan in place can reduce the amount of time that servers spend out of service. By implementing the right tools to notice and stop suspicious activity that may be the result of a DDoS attack, decision-makers may also potentially prevent about one-fifth of possible outage causes. Source: http://copperegg.com/ddos-attacks-lead-to-18-percent-of-data-center-outages/
See the article here:
DDoS attacks lead to 18 percent of data center outages
Best hope you weren’t messaging your bank manager Security researchers have discovered an Android botnet that masquerades as a benign settings app for carrying out administrative tasks on mobile devices.…
Read the article:
Android nasty sends your texts to CHINA
Install fake Microsoft extra, become SQL-squirting zombie Cybercrooks have brewed up a botnet that uses a bogus Firefox add-on to scan the web for hackable websites.…
View article:
Bogus Firefox add-on FORCES WITLESS USERS to join vuln-hunting party
Here's an overview of some of last week's most interesting news and articles: The DDoS debate: Multi-layered versus single solution There is a DDoS debate in the cybersecurity industry about whi…
Just days after NatWest Bank suffered a debilitating DDoS attack, a new survey has revealed that most businesses are still unprepared for this kind of threat. Some companies are unprepared for DDoS attacks Just days after NatWest Bank suffered a debilitating DDoS attack, a new survey has revealed that most businesses are still unprepared for this kind of threat. More than half the respondents to a survey by Corero lack adequate distributed denial-of-service (DDoS) defence technology. The study also reveals a lack of DDoS defence planning on multiple levels: nearly half of businesses have no formal DDoS response plan, 54 percent have outdated or non-existent network maps, and around one in three lack any clear idea of their normal network traffic volume. Furthermore, the survey slates businesses for under-investing in their security infrastructures, with around 40 percent of respondents still relying on firewalls, while nearly 60 percent do not test their DDoS defences regularly with network and application-layer tests. However, experts warn that DDos attacks are escalating and say that they can cause not only business disruption but also loss of IP, significant brand damage and a loss of customer confidence. Mike Loginov, CEO and CISO at independent security consultancy Ascot Barclay Group, told SCMagazineUK.com that figures from his firm and others show sharply rising numbers of successful DDoS attacks, adding: “These attacks are not necessarily undertaken by the perpetrator with financial gain in mind. However, they still leave the targeted business suffering costly damage repairs, loss of business and an undermining of the organisation’s capability to defend itself. Many attacks go unreported for fear of brand damage.” Andrew Miller, CFO and COO at Corero, which carried out the latest survey, agreed the threat is growing but stressed that companies are still not doing enough to protect themselves. “These denial-of-service-attacks (DDoS) are increasing and becoming more complex, but we’re still not seeing companies increasing their vigilance, investment and planning,” he told SCMagazineUK.com. “Across the board companies really need a combination of infrastructure investment, but more importantly putting in place plans to be able to detect what’s traversing companies’ networks.” Loginov agreed: “Generally speaking, IT departments, as the report suggests, are just not geared up to defend organisations against what cyber security professionals these days consider rudimentary attacks.” Miller said companies need “hybrid DDoS and cloud protection” but added that currently only “a small percentage” of companies have these defences in place. “What we’re seeing the more proactive customers doing is deploying a combination of both on-premises technology to provide 24/7 protection from denial of service attacks, as well as cloud protection services to deal with the high-volume ‘fill the pipe’ network-layer DDoS attacks – a combination of solutions rather than a single solution.” These warnings come just days after NatWest Bank was hit by a DDoS attack that left customers unable to access their accounts online. The 6 December attack disrupted NatWest’s website for about an hour and briefly hit the websites of the other banks in the RBS Group – RBS and Ulster Bank. The attack was focused on disruption rather than accessing account details. But Miller said organisations need to “understand it’s not just inconvenience, we’re talking about some loss of IPR. In the case of RBS, it’s obviously a significant issue from a brand and customer satisfaction perspective”. Miller added: “Denial of service attacks are often used as a smokescreen, a way of initially gaining entry into IT systems through a brute force-type attack, then following on from that the more sophisticated attacks which are aimed either at stealing customer information or intellectual property. We’re seeing banks in the US we’re talking to subject to these types of attacks on a daily basis.” In a statement to journalists, Jag Bains, CTO of DOSarrest Internet Security , said: “The transparency shown by RBS in admitting that they failed to invest properly in their IT systems is a common refrain amongst many enterprises, large and small. While each organisation may have multiple reasons for failing to invest, they all share the same notion that they won’t be a target until they get attacked. “With DDoS tools becoming more advanced and pervasive, all IT operations should work under the premise that they will be attacked and plan accordingly. Every stack and layer within their purview should be reviewed and they should identify cost-effective cloud solutions for their DDoS which provides much better performance and mitigation than expensive hardware.” The DDoS attacks on RBS came in the same week as an unrelated major IT failure, which hit the Group’s online and mobile banking, ATMs and debit card payments. As SCMagazineUK.com reported, RBS, NatWest and Ulster Bank customers were unable to use their cards to draw cash or pay for goods or services. RBS CEO Ross McEwan branded the outage as “unacceptable” and blamed decades of failure to invest adequately in new technology. Source: http://www.scmagazineuk.com/companies-still-ignore-ddos-attacks/article/324844/
View article:
Companies still ignore DDoS attacks
Thirteen defendants pleaded guilty in federal court in San Jose on Friday to charges related to their involvement in the cyber-attack of PayPal’s website as part of the group Anonymous. One of the def…
See more here:
13 Anonymous hackers plead guilty to PayPal DDoS attack