Category Archives: DDoS Vendors


How Visual Basic Broke Modern Python: Welcome to the World of High Orbit Ion Cannon

In 2012, Anonymous introduced HOIC (High Orbit Ion Cannon) as a replacement for LOIC (Low Orbit Ion Cannon). Unlike its predecessors, which were built in C# and later Java, this new DDoS player was built in the unsuspecting language of Visual Basic. Taught in high school classrooms, Visual Basic was largely seen by the programming community as a way for kids and young programmers to get their feet wet in programming. Considered by many programmers to be grossly inefficient and a memory hog, Visual Basic was an unsuspected carrier for what would become one of the most powerful means of DDoS. One of the popular notions of HOIC has been its ability to randomize variables such as user agent, referrer and URI during an attack. In the same manner, an attack tool known as HULK (developed by Barry Shteiman, 2012), written in Python, was developed in recent history.

Within a controlled environment we tested these DDoS tools to judge their effectiveness and total output. In controlled trials the DDoS output of LOIC (Visual Basic on Windows) outperformed the DDoS output of HULK (Python on Linux) by +40%.

Figure 1: HOIC Test in Stable Windows Environment

Figure 2: HULK Test

While many of us in the Internet security industry ridicule and downplay the “kiddie hacker”, it is clear that it sometimes only takes a kiddie to build an empire. Lessons in open source economics teach us that in an open access environment, it takes only a small few to bring about radical change and innovation. Today HOIC has become one of the primary tools of groups such as Anonymous. From this lesson, we can expect that challenges and sudden changes will not come from those paid hundreds of thousands a year, but from those small few kiddies who are politically motivated and are paid nothing. Source: http://www.dosarrest.com/ddos-blog/how-visual-basic-broke-modern-python-welcome-to-the-world-of-high-orbit-ion-cannon/

Continued here:
How Visual Basic Broke Modern Python: Welcome to the World of High Orbit Ion Cannon

South Africa a target for DDoS

South Africa is the most targeted country in Africa when it comes to distributed denial-of-service (DDOS) attacks. This was revealed by Vernon Fryer, chief technology security officer at Vodacom, in a keynote address during ITWeb Security Summit 2015, in Midrand, this morning.

In computing, a DDOS attack is an attempt to make a machine or network resource unavailable to its intended users. Such an attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Fryer was speaking with reference to statistics from the Vodacom Cyber Intelligence Centre, which the company established eight years ago to analyse the threat landscape on the African continent. He revealed that over the past 18 months there has been a marked increase in DDOS attacks on the continent, with a typical attack averaging 9Gbps. “There has been about a 150% increase in the number of DDOS [attacks] in the last 18 months in Africa,” he said.

In terms of the number of attacks, Kenya, Uganda, Algeria, Nigeria and Tanzania respectively come after SA, said Fryer, pointing to the analysis done by the Vodacom Cyber Intelligence Centre last Thursday. According to Fryer, the majority of in-bound traffic to SA emanated mainly from China, Germany, Brazil, Vietnam, Russia, Cyprus, Turkey, Switzerland, Canada and the US. However, he noted, it was surprising that Switzerland and Canada were featuring on the list this year, something never witnessed previously. Another unexpected trend showed traffic coming from Swaziland, he added, pointing out that the growing number of Chinese communities in the country could be a reason for this spike.

Describing some of the attack vectors cyber criminals were making use of in the region, Fryer pointed to scareware, ransomware, fake anti-virus, as well as the TDSS rootkit, among others. The trending malware included the KINS Trojan, Skypot, VirRansom, the SpyEye Trojan and the Chameleon botnet.

With regard to ransomware attacks in Africa, Tanzania is the most attacked on the African continent, Fryer said. He also noted the trending hacker groups in Africa include Anonymous, also known as the Lizard Squad, the Syrian Electronic Army, as well as the Yemen Cyber Army.

Faced with the rise in the level and sophistication of attacks, Fryer said organisations need to constantly monitor the behaviour of their firewalls. Typically, he said, organisations take about five years without monitoring their firewall. “We need to understand if our firewalls are capable of handling today’s threats. Thus, the performance of firewalls needs to be constantly monitored,” he concluded. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=143446:SA-a-target-for-DDOS&catid=234

Taken from:
South Africa a target for DDoS

Teen hires attacker to DDoS his school district

A high school boy might have to face state and federal charges for allegedly hiring a third party and launching a DDoS attack against the West Ada school district, Idaho, US. A 17-year-old high school student (the name cannot be disclosed because he is a minor) might be accused of launching a distributed denial of service (DDoS) attack after hiring a third party. The attack crippled operations at more than 50 schools in the district for a week earlier this month.

DDoS is a type of attack in which the servers of a particular online service are slowed to such an extent that their processing ability gets clogged up.

According to a KTVB report, the West Ada students suffered assorted misery due to the attack, such as losing their data on the Idaho Standard Achievement tests. Some of the students also had to take the tests multiple times. The attack lasted around a week, and during this phase the online classes and textbooks could not be accessed. Moreover, the faculty and staff also experienced problems in accessing business and administrative systems such as payroll.

The IP address from which the attack was launched was finally traced by the school district’s IT staff, which led them to the high schooler. The boy has been suspended from Eagle High, but school administration suggested that he should be expelled. According to the Sheriff’s Office, the seventeen-year-old will most likely be charged with a computer crime felony, which can send him to a juvenile detention facility for up to 180 days, as the teenager paid someone to overwhelm the system with traffic from multiple sources. Additionally, the boy’s family will also be held responsible for financial restitution to cover the losses, since operations at around 50 schools were disrupted by the attack.

This is not the first time a teenager has attacked an educational institution. On April 12, 2015, Domanik Green, a 14-year-old student at Florida’s Paul R. Smith Middle School, managed to bypass the school’s computer security network using just his computer skills and gained access to the server that contained FCAT (Florida Comprehensive Assessment Test) data. Source: https://www.hackread.com/teen-ddos-attack-school-district/

View the original here:
Teen hires attacker to DDoS his school district

DDoS attack downs University of London learning platform

A harsh lesson, now stand in corridor for four hours

The University of London Computer Centre fell victim to a cyber-attack on Thursday.…

Read this article:
DDoS attack downs University of London learning platform

DDoS reflection attacks are back

At the start of 2014, attackers’ favorite distributed denial of service attack strategy was to send messages to misconfigured servers with a spoofed return address – the servers would keep trying to reply to those messages, allowing the attackers to magnify the impact of their traffic. As those servers got patched, this strategy became less and less effective.

But now it’s back, according to a new report from Akamai. Except this time, instead of hitting data center servers or DNS servers, the attackers are going after personal computers on misconfigured home networks.

According to Eric Kobrin, Akamai’s director of information security responsible for adversarial resilience, the attackers are taking advantage of plug-and-play protocols, commonly used by printers and other peripheral devices. These attacks, known as Simple Service Discovery Protocol (SSDP) attacks, are now the single largest attack vector for DDoS attacks, accounting for 21 percent of all attacks, up from 15 percent last quarter and less than 1 percent at this time last year.

“There are infectable SSDP services all over the Internet,” he said. “As they are discovered, we help work with people to shut them down.”

Although each particular device has just a fraction of the bandwidth available to data center-based servers, there are more of them. “There’s a fertile ground of home systems,” he said. “A properly configured home firewall can block this, but there are many improperly configured home systems connected to the Internet – and there are also industrial systems that can be used to reflect attacks as well.”

This attack source is also harder to shut down, he said. “It’s easier to go into the data center and have the service providers do the clean-up,” he said.

Last quarter, SYN flood attacks – where “synchronize” messages are sent to servers – were the leading attack vector, accounting for 17 percent of all attacks, down slightly from 18 percent of all attacks at the start of 2014.

There has also been a change in the size of the median attack, and the typical size range of attacks, Kobrin said, as defensive measures have improved. “The smallest effective attack size has increased, year over year,” he said. “It’s because the smallest attacks are no longer effective.”

Another type of DoS attack has gained a foothold for the first time this year. SQL injections, normally used to gain access to systems for the purpose of stealing data, are now being used to shut down Web sites as well. Akamai saw more than 52 million SQL injection attacks during the first quarter of 2015, which accounted for 29 percent of all Web application attacks. The most common targets for SQL injection attacks were retail, travel and media websites.

Finally, another attack vector that’s just now starting to make an impact is domain hijacking. “People are actually attacking the registries and getting their own information put in, so the big sites are losing control of their DNS infrastructure,” Kobrin said. There have been a few high-profile cases so far, he said, mostly politically motivated, but not yet enough data to measure a trend. “We didn’t see it much in 2012, started seeing a little bit of it in 2013 and 2014, and are seeing more of it now,” he said.

He recommended that companies switch on two-factor authentication for their email systems when available, ensure that employees don’t reuse credentials, ask their domain registrars to put a lock on their domains, and, finally, keep a close eye on traffic numbers to spot a drop-off as soon as it happens. With these domain redirects, the attackers are not only able to shut down the legitimate website, but also put up their own content under that website’s brand. Source: http://www.csoonline.com/article/2923832/business-continuity/ddos-reflection-attacks-are-back-and-this-time-its-personal.html
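As an added illustration (not part of the original article), the following Python script shows how a defender could spot the reflection pattern described above in flow records: SSDP replies (UDP source port 1900) arriving from many responders that the receiving host never queried. The flow records and addresses are constructed for the example.

```python
"""Detect SSDP (UDP/1900) reflection traffic in flow records.

Added example, not code from the original article. An SSDP reply is only
legitimate if the receiver earlier sent an M-SEARCH (dst port 1900) to that
responder; replies from many responders with no matching request are the
signature of a reflection flood aimed at a spoofed victim address.
"""
from collections import defaultdict
from dataclasses import dataclass

SSDP_PORT = 1900


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str   # "udp" or "tcp"
    octets: int  # bytes carried by the flow


# Constructed sample (RFC 5737 documentation addresses): 198.51.100.7 sends one
# M-SEARCH to 203.0.113.5 and gets a reply (legitimate); 192.0.2.10 receives
# replies from 50 responders it never queried (reflection flood).
SAMPLE_FLOWS = [
    Flow("198.51.100.7", 51234, "203.0.113.5", SSDP_PORT, "udp", 120),
    Flow("203.0.113.5", SSDP_PORT, "198.51.100.7", 51234, "udp", 360),
] + [
    Flow(f"203.0.113.{i}", SSDP_PORT, "192.0.2.10", 80, "udp", 1400)
    for i in range(20, 70)
]


def find_reflection_victims(flows, min_reflectors=10):
    """Return {victim_ip: (distinct_reflectors, total_bytes)} for hosts that
    receive UDP/1900 replies from at least `min_reflectors` responders they
    never sent a request to."""
    # querier -> set of responders it actually asked (outbound dst port 1900)
    requested = defaultdict(set)
    for f in flows:
        if f.proto == "udp" and f.dst_port == SSDP_PORT:
            requested[f.src_ip].add(f.dst_ip)

    # victim -> [set of unsolicited responders, total bytes received]
    unsolicited = defaultdict(lambda: [set(), 0])
    for f in flows:
        if f.proto != "udp" or f.src_port != SSDP_PORT:
            continue
        if f.src_ip in requested[f.dst_ip]:
            continue  # a matching request exists, so this reply is solicited
        entry = unsolicited[f.dst_ip]
        entry[0].add(f.src_ip)
        entry[1] += f.octets

    return {
        victim: (len(reflectors), total)
        for victim, (reflectors, total) in unsolicited.items()
        if len(reflectors) >= min_reflectors
    }


if __name__ == "__main__":
    for victim, (n, total) in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{victim}: {n} unsolicited SSDP responders, {total} bytes")
```

The same request-matching check applies to other reflected UDP services (DNS, NTP) by changing the port constant; the "properly configured home firewall" Kobrin mentions is the one that drops unsolicited inbound UDP/1900 from the WAN side in the first place.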

More:
DDoS reflection attacks are back

Hong Kong Banks Targeted By DDoS Attacks, Bitcoin Payout Demanded

On May 9, an unidentified group of hackers launched distributed denial of service (DDoS) attacks on two of the largest financial institutions in Hong Kong. Hong Kong police confirmed that they have received reports from the Bank of China and the Bank of East Asia claiming that the hackers demanded payments in bitcoin. “The two institutions later received emails demanding payments in bitcoins, or there would be another round of attacks,” a spokesperson said.

According to The Standard Hong Kong, the hackers flooded the websites of the two banks with traffic from multiple sources, causing unusual spikes in Internet traffic and forcing some of the websites’ resources to be unavailable. However, both banks stressed that none of the data and customer accounts were compromised. Finance Magnates reported that the Cyber Security and Technology Crime Bureau has classified the case as “blackmail” and has begun an investigation.

The attack on the two banks is similar to the DDoS attacks launched on the official corporate websites of banks in China and Hong Kong, most notably the People’s Bank of China in late 2013. The investigators at the time believed that the attacks were the result of the issuance of new rules that prohibited financial institutions from dealing with bitcoin, as a response to the prohibition of the use of digital currencies in China.

The local media began to speculate that the new attack on the Bank of China and the Bank of East Asia might have been launched by the group of hackers known as DD4BC. The group is now listed on Bitcoin Bounty Hunter and has attacked several websites, including the Finnish Bitcoin wallet and exchange Bitalo and the Bitcoin sports betting platform Nitrogensports. “DD4BC threatens the Bitcoin Community with DDoS extortion, blackmailing and slander,” Bitcoin Bounty Hunter explained. “Famous Bitcoin services like Bitalo.com and Nitrogensports.com were attacked and blackmailed.”

The banks declined to reveal details of the emails received from the hackers and the amount of BTC demanded. If the DDoS attacks continue, the two banks might lose up to $100,000 an hour, American Banker reports. AMR (American Banker Reports) stated that “the average bandwidth consumed by a DDoS attack increased to 7.39 gigabits per second, according to Verisign’s analysis of DDoS attacks in the fourth quarter of 2014.”

A few days have passed since the Cyber Security and Technology Crime Bureau began investigating the case, but the case hasn’t shown any progress. Source: http://blog.downforjust.me/hong-kong-banks-targeted-by-ddos-attacks-bitcoin-payout-demanded/

View post:
Hong Kong Banks Targeted By DDoS Attacks, Bitcoin Payout Demanded

Chinese cyber-spies hid botnet controls in MS TechNet comments

Online spooks hide ‘numbers station’ control node in plain sight

Cyber-spies are increasingly attempting to hide their command and control operations in plain sight by burying their command infrastructure in the forums of internet heavyweights, including Microsoft.…

Read more here:
Chinese cyber-spies hid botnet controls in MS TechNet comments

Time to patch your Cisco TelePresence systems

Because you can’t be telepresent when the bad guys are DOSing you

Cisco TelePresence kit and software need patching after the company turned up vulnerabilities that open them up to remote command injection and denial of service attacks.…

View original post here:
Time to patch your Cisco TelePresence systems

SAP crypto offers customers choice of remote code execution or denial of service

Home-baked encryption followed the wrong recipe

Yet another proprietary implementation of a popular protocol has turned up unexpected vulnerabilities, with SAP’s data compression software open to remote code execution and denial-of-service exploits.…

View original post here:
SAP crypto offers customers choice of remote code execution or denial of service

How organisations can eliminate the DDoS attack ‘blind spot’

Most DDoS defence solutions are missing critical parts of the threat landscape thanks to a lack of proper visibility. Online organisations need to take a closer look at the problem of business disruption resulting from the external DDoS attacks that every organisation is unavoidably exposed to when it connects to an unsecured or ‘raw’ Internet feed.

Key components of any realistic DDoS defence strategy are proper visualisation and analytics into these security events. DDoS event data allows security teams to see all threat vectors associated with an attack – even complex hybrid attacks that are well disguised in order to achieve the goal of data exfiltration. Unfortunately, many legacy DDoS defence solutions are not focused on providing visibility into all layers of an attack and are strictly tasked with looking for flow peaks on the network. If all you are looking for is anomalous bandwidth spikes, you may be missing critical attack vectors that are seriously compromising your business.

In the face of this new cyber-risk, traditional approaches to network security are proving ineffective. The increase in available Internet bandwidth, widespread access to cyber-attack software tools and ‘dark web’ services for hire, has led to a rapid evolution of increasingly sophisticated DDoS techniques used by cyber criminals to disrupt and exploit businesses around the world.

DDoS as a diversionary tactic

Today, DDoS attack techniques are more commonly employed by attackers to do far more than deny service. Attack attempts experienced by Corero’s protected customers in Q4 2014 indicate that short bursts of sub-saturating DDoS attacks are becoming more of the norm. The recent DDoS Trends and Analysis report indicates that 66% of attack attempts targeting Corero customers were less than 1Gbps in peak bandwidth utilisation, and were under five minutes in duration. Clearly this level of attack is not a threat to disrupt service for the majority of online entities. And yet the majority of attacks utilising well-known DDoS attack vectors fit this profile.

So why would a DDoS attack be designed to maintain service availability if ‘Denial of Service’ is the true intent? What’s the point if you aren’t aiming to take an entire IT infrastructure down, or wipe out hosted customers with bogus traffic, or flood service provider environments with massive amounts of malicious traffic? Unfortunately, the answer is quite alarming.

For organisations that don’t take advantage of in-line DDoS protection positioned at the network edge, these partial link saturation attacks, which occur in bursts of short duration, enter the network unimpeded and begin overwhelming traditional security infrastructure. In turn, this activity stimulates unnecessary logging of DDoS event data, which may prevent the logging of more important security events and sends the layers of the security infrastructure into a reboot or fall-back mode. These attacks are sophisticated enough to leave just enough bandwidth available for other multi-vector attacks to make their way into the network and past weakened network security layers undetected. There would be little to no trace of these additional attack vectors infiltrating the compromised network, as the initial DDoS had done its job: distracting all security resources from performing their intended functions.

Multi-vector and adaptive DDoS attack techniques are becoming more common

Many equate DDoS with one type of attack vector – volumetric. It is not surprising, as these high bandwidth-consuming attacks are easier to identify, and to defend against with on-premises or cloud-based anti-DDoS solutions, or a combination of both. The attack attempts against Corero’s customers in Q4 2014 not only employed brute force multi-vector DDoS attacks, but there was an emerging trend where attackers implemented more adaptive multi-vector methods to profile the nature of the target network’s security defences, and subsequently selected a second or third attack designed to circumvent an organisation’s layered protection strategy. While volumetric attacks remain the most common DDoS attack type targeting Corero customers, combination or adaptive attacks are emerging as a new threat vector.

Empowering security teams with DDoS visibility

As the DDoS threat landscape evolves, so does the role of the security team tasked with protecting against these sophisticated and adaptive attacks. Obtaining clear visibility into the attacks lurking on the network is rapidly becoming a priority for network security professionals. The Internet-connected business is now realising the importance of security tools that offer comprehensive visibility from a single analysis console or ‘single pane of glass’ to gain a complete understanding of the DDoS attacks and cyber threats targeting their Internet-facing services.

Dashboards of actionable security intelligence can expose volumetric DDoS attack activity, such as reflection, amplification, and flooding attacks. Additionally, insight into targeted resource exhaustion attacks, low-and-slow attacks, victim servers, ports, and services, as well as malicious IP addresses and botnets, is mandatory. Unfortunately, most attacks of these types typically slide under the radar in DDoS scrubbing-lane solutions, or go completely undetected by cloud-based DDoS protection services, which rely on coarse sampling of the network perimeter. Extracting meaningful information from volumes of raw security events has been a virtual impossibility for all but the largest enterprises with dedicated security analysts.

Next generation DDoS defence solutions can provide this capability in a turn-key fashion to organisations of all sizes. By combining high-performance in-line DDoS event detection and mitigation capabilities with sophisticated event data analysis in a state-of-the-art big data platform, these solutions can quickly find the needles in the haystack of security events. With the ability to uncover hidden patterns in data, identify emerging vulnerabilities within the massive streams of DDoS attack and security event data, and respond decisively with countermeasures, next-generation DDoS first line of defence solutions provide security teams with the tools required to better protect their organisation against the dynamic DDoS threat landscape. Source: http://www.information-age.com/technology/security/123459482/how-organisations-can-eliminate-ddos-attack-blind-spot

Read this article:
How organisations can eliminate the DDoS attack ‘blind spot’