A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible. Sathurbot: A versatile threat “Sathurbot can update itself and download and start other executables. We have seen variations of Boaxxe, Kovter and Fleercivet, but that is not necessarily an exhaustive list,” the researchers noted. Sathurbot is also a web crawler, and searches for domain names that can be probed … More ?
New variant of ‘Tsunami’ is a disaster waiting to happen Hackers have brewed up a new variant of the IoT/Linux botnet “Tsunami” that exploits a year-old but as yet unresolved vulnerability.…
In the videos below, McAfee Labs show the setup requirements for installing and deploying TinyNuke. They review the available features of TinyNuke through the control panel, deploy a bot a client machine, and perform attacks against a client.
See the original article here:
Video: TinyNuke botnet explained
The cyber security industry has been urged to co-operate with government to protect UK critical national infrastructure from cyber attacks. UK security services have reportedly told nuclear power stations to bolster their cyber defences in the face of increased threats. Government officials have warned that terrorists, foreign spies and “hacktivists” are looking to exploit “vulnerabilities” in the nuclear industry’s internet defences, according to the Telegraph. UK energy minister Jesse Norman is quoted as saying that nuclear plants must make sure that they “remain resilient to evolving cyber threats”. However, he said the government is fully committed to defending the UK against cyber threats, and that the Civil Nuclear Cyber Securty Strategypublished in February 2017 sets out ways to ensure that the civil nuclear sector can defend against, recover from and remain resilient to evolving cyber threats. According to the strategy, the volume and complexity of cyber attacks against the UK are growing and the range of actors is widening. “The threat is becoming increasingly global and asymmetric. Both states and non-state actors can use easily-available cyber tools for destructive purposes,” the strategy states. The strategy sets out a voluntary roadmap to enable organisations in the civil nuclear sector to meet the increasing threat from cyber, and will support the development of cyber security capability of the sector, ensuring organisations will be able to comply with current and new regulation as well as being able to recover from compromises. However, for this to be achieved, the strategy said civil nuclear sector needs to work as a partnership between the government, regulator and industry, with clear roles and responsibilities which are understood and agreed. The strategy warns that the nuclear industry has to do more to protect itself, saying current mechanisms for sharing information in relation to vulnerabilities and how compromises have been addressed will need to be strengthened and enhanced to ensure good practice is shared, and continuous improvement can be made. In November 2016, veteran US investigative reporter Ted Koppel said a cyber attack on the US power grid is likely, but preparations for such an event are not up to scratch. “We are our own worst enemies,” he told Intel Security’s annual Focus conference in Las Vegas, saying that despite the risk of a cyber attack blackout, the US is unprepared for the consequences. Peter Carlisle, vice-president for Europe, Middle East and Africa at Thales e-Security believes cyber attacks against critical national infrastructure are set to increase dramatically as criminals develop “increasingly heinous methods” to jeopardise the UK’s national security. “From power stations to the transport network, the risk to the public remains severe, especially if hackers are able to gain access to electronic systems. “To tackle this, the security industry must stand shoulder to shoulder with the government to protect data and critical infrastructure from attack, and ensure hostile forces never have the opportunity to do us harm,” he said. Malcolm Murphy, technology director at network management firm Infoblox said attacks against IT networks are becoming increasingly common, and, if carried out against critical national infrastructure, can represent a significant threat to national security. “In addition to the damage caused to the networks themselves, a DDoS [distributed denial of service] attack on an organisation’s domain name system [DNS] can be used to prevent communication of and around the attacks, causing confusion and panic as seen in the attack on the Ukraine power grid in 2015,” he said. “The DNS is a mission-critical piece of network infrastructure used by all organisations without which networks cannot function. Often inadequately protected by traditional security solutions, it remains a vulnerable network component frequently used as an attack vector by cyber-criminals. “With botnets available for hire for relatively small sums of money online, DNS-based DDoS attacks are becoming increasingly easy for cyber criminals to carry out, and in their efforts to defend the country against the growing cyber threat, organisations responsible for the security of critical infrastructure should be making DNS protection a top priority,” he said. Most UK businesses have little visibility or control over their DNS servers and services, even though they are a key component of businesses’ infrastructure and security profile, a report published in March 2017 revealed. Only 8% of companies polled claim to have full visibility across all areas of DNS, including frequency of dropped requests, cache poisoning, latency and overall load on DNS infrastructure, rendering it impossible to ensure a consistent service to internal and external internet users. Source: http://www.computerweekly.com/news/450416097/UK-nuclear-stations-on-terror-alert-for-cyber-attacks
See the article here:
UK nuclear stations on terror alert for cyber attacks
What do cyber-attacks have in common with hurricanes, tornados and earthquakes? All are realities in our world. No matter how common or uncommon they may be, failing to prepare for any of them will lead to costs that could be unbearable—or worse. These were the thoughts of Nikhil Taneja, MD Radware as he shared the company’s annual Global Application & Network Security Report 2016-17 that identifies major attack trends of 2016, outlines industry preparedness, and offers predictions for in 2017. The report finds that 98% of Organizations Experienced Attacks in 2016, indicating that cyber-attacks became a way of life for nearly every organization in 2016. This trend will continue in 2017, predicts Radware. While understanding some crucial aspects such as The threat landscape—who the attackers are, their motives and tools, what will be the potential impact on businesses, including associated costs of different cyber-attacks, how a company’s preparedness level compares to other organizations etc, the report comes up with some of the key findings: – IoT Botnets Open the 1TBps Floodgates- This exemplifies why preparing for “common” attacks is no longer enough. This event introduced sophisticated vectors, such as GRE floods and DNS water torture. – Cyber-Ransom Proves Easiest, Most Lucrative Tool for Cybercriminals- Almost all ransom events have a different attack vector, technique or angle. There are hundreds of encrypting malware types, many of which were developed and discovered this year as part of the hype. Also, DDoS for ransom groups are professionals who leverage a set of network and application attacks to demonstrate their intentions and power. – Cyber-Attacks Cost Almost Twice What You May Think- Most companies have not come up with a precise calculation of the losses associated with a cyber-attack. Those who have quantified the losses estimate the damage at nearly double the amount compared to those who estimate. – Stateful Devices: #1 Point of Failure- Common IT devices, including firewalls, application delivery controllers and intrusion protection systems, now represent the greatest risk for an outage. Consequently, they require a dedicated attack mitigation solution to protect them. Threat Landscape Trends The report identifies top five trends that dominated 2016 threat landscape and will continue to haunt CISOs in the coming years. These include: – Data Leakage + SLA Impact Are Top Concerns – Data leakage and service level impact often come together, with a DDoS attack serving as a smokescreen that distracts IT teams so data can be infiltrated. – Mirai Rewrites the Rules- As the first IoT open-source botnet, Mirai is changing the rules of real-time mitigation and makes security automation a must. It isn’t just that IoT botnets can facilitate sophisticated L7 attack launches in high volumes. The fact that Mirai is open-source code means hackers can potentially mutate and customize it—resulting in an untold variety of new attack tools that can be detected only through intelligent automation. – Non-Volumetric DoS: Alive and Kicking – Despite astonishing volumes, neither the number of victims nor the frequency of attacks has grown. Most non-volumetric DDoS attacks are in relatively lower volumes, with 70% below 100Mbps. Rate-based security solutions continue to fall short, requiring companies to rethink their security strategy and embrace more sophisticated solutions. Without those upgrades, there is a good chance an organization will experience, yet lack visibility into service degradation. – Increased Attacks against Governmental Institutions- 2016 brought a new level of politically affiliated cyber protests. While the U.S. presidential election was in the spotlight, the media reported on a different breach almost weekly. These incidents happened across the globe, with regimes suffering from cyber-attacks due to alleged corruption or perceived injustices. – SSL-Based Attacks Continue to Grow- Although 39% report suffering an SSL-based attack, only 25% confidently state they can mitigate it. – DDoS Attacks Are Becoming Shorter- Burst attacks are increasing thanks to their effectiveness against most mitigation solutions. Security Strategy Evolves Rather Slowly These trends and findings indicate that while hackers continue to develop new attack tools and techniques, 40% of organizations do not have an incident response plan in place. Seventy percent do not have cyber-insurance. And despite the prevalence of ransomware, only 7% keep Bitcoin on hand. Another interesting finding of the study was three-fourths of companies do not employ hackers in their security teams, and 43% say they could not cope with an attack campaign lasting more than 24 hours. “Combining statistical research and frontline experience, the Radware report identifies trends that can help educate the security community. It draws information from sources such as the information security industry survey, where this year, 598 individual respondents representing a wide variety of organizations around the world participated,” Taneja commented. On average, responding organizations have annual revenue of USD $1.9 billion and about 3,000 employees. Ten percent are large organizations with at least USD 5 billion in annual revenue. Respondents represent more than 12 industries, with the largest number coming from the following: professional services and consulting (15%), high tech products and services (15%), banking and financial services (12%) and education (9%), the study notes. Source: http://www.cxotoday.com/story/cyber-attacks-cost-almost-twice-what-you-may-think/
Continue reading here:
Cyber-Attacks Cost Almost Twice What You May Think
Researchers have spotted a new Mirai variant in the wild that is better at launching application layer attacks; other researchers spotted a new Cerber ransomware variant that can evade machine learning. A new variant of the Mirai IoT malware was spotted in the wild when it launched a 54-hour DDoS attack against an unnamed U.S. college. While the attack occurred on February 28, Imperva Incapsula is informing the world about it today. The researchers believe it is a new variant of Mirai, one that is “more adept at launching application layer assaults.” The average traffic flow was 30,000 requests per second (RPS) and peaked at about 37,000 RPS, which the DDoS mitigation firm said was the most it has seen out of any Mirai botnet so far. “In total, the attack generated over 2.8 billion requests.” During the 54-hour DDoS attack on the college, researchers observed a pool of attacking devices normally associated with Mirai such as CCTV cameras, DVRs and routers. Attack traffic originated from 9,793 IPs worldwide, but 70% of the botnet traffic came from 10 countries. The U.S. topped the list by having 18.4 percent of the botnet IPs. Israel was next with 11.3 percent, followed by Taiwan with 10.8 percent. The remaining seven countries of the top 10 were India with 8.7 percent, Turkey with 6 percent, Russia with 3.8 percent, Italy and Mexico both with 3.2 percent, Colombia with 3 percent and Bulgaria with 2.2 percent of the botnet traffic. Other signature factors such as header order and header values also helped the researchers identify the attack as a Mirai-powered botnet, yet the DDoS bots hid behind different user-agents than the five hardcoded in the default Mirai version; it used 30 user-agent variants. Incapsula said, “This–and the size of the attack itself–led us to believe that we might be dealing with a new variant, which was modified to launch more elaborate application layer attacks.” Less than a day after the 54-hour hour attack on the college ended, another was launched which lasted for an hour and half; during the second attack, the average traffic flow was 15,000 RPS. 90% of application layer attacks last less than six hours, Incapsula said, so “an attack of this duration stands in a league of its own.” The researchers said they “expect to see several more bursts before the offender(s) finally give up on their efforts.” Cerber ransomware variant evades machine learning Elsewhere, Trend Micro also has bad news in the form of a new Cerber ransomware variant. Cerber has “adopted a new technique to make itself harder to detect: it is now using a new loader that appears to be designed to evade detection by machine learning solutions.” The newest Cerber variant is still being delivered via phishing emails, but those emails now include a link to Dropbox which downloads and self-extracts the payload. If the loader detects it is running in a virtual machine, in a sandbox, or if certain analysis tools or anti-virus are running, then the malware stops running. Cerber stops, Trend Micro said, if it detects any of the following are running: msconfig, sandboxes, regedit, Task Manager, virtual machines, Wireshark, or if security products from the vendors 360, AVG, Bitdefender, Dr. Web, Kaspersky, Norton or Trend Micro are running. Trend Micro explained: Self-extracting files and simple, straightforward files could pose a problem for static machine learning file detection. All self-extracting files may look similar by structure, regardless of the content. Unpacked binaries with limited features may not look malicious either. In other words, the way Cerber is packaged could be said to be designed to evade machine learning file detection. For every new malware detection technique, an equivalent evasion technique is created out of necessity. Source: http://www.computerworld.com/article/3186175/security/new-mirai-iot-variant-launched-54-hour-ddos-attack-against-a-us-college.html
National digital security specialist CyberSecurity Malaysia has taken part in an Asia Pacific drill to test preparedness for DDOS attacks. Themed ‘Emergence of a New Distributed Denial of Service (DDoS) Threat,’ this year’s Asia Pacific Computer Emergency Response Team’s (APCERT) drill tested different response capabilities of leading Computer Security Incident Response Teams (CSIRT) from the Asia Pacific economies. Throughout the exercise, which was completed on 22 March 2017, the participating teams activated and tested their incident handling arrangements. Commenting on the operation, Dato’ Dr. Haji Amirudin Abdul Wahab, chief executive officer of CyberSecurity Malaysia, said: “Our participation in the APCERT drill is very important indeed as we believe nations in the Asia Pacific region should band together and collaborate more closely to enhance our skills, expertise and process in incident response handling to increase our vigilance against the current trends of DDoS threats.” Dr Amirudin said that CyberSecurity Malaysia and its counterparts in the region are deepening collaboration to target and mitigate DDoS threats. DDOS increase in Malaysia He added that in Malaysia, incidents involving DDoS attacks have been on the rise for the past three years. Such attacks reported to CyberSecurity Malaysia increased to 66 in 2016, almost double from 38 incidents in 2015. In 2014, the incidents recorded stood at 38. As of February 2017, CyberSecurity Malaysia has recorded 11 incidents involving DDoS attacks. The APCERT drill included interaction with local and international CSIRTs/CERTs, and victim organisations, for the coordinated suspension of malicious infrastructure, analysis of malicious code, as well as notification and assistance to affected entities. In addition to Malaysia, 23 APCERT teams from 17 other economies (Australia, Brunei, People’s Republic of China, Chinese Taipei, Hong Kong, India, Indonesia, Japan, Korea, Lao People’s Democratic Republic, Macao, Mongolia, Myanmar, Singapore, Sri Lanka, Thailand and Vietnam) along with 4 CSIRTs from 4 member countries (Egypt, Morocco, Nigeria and Pakistan) of the OIC-CERT participated in the drill. Held for the sixth time, this year’s drill also involved the participation of members from the Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT). CyberSecurity Malaysia, which is the permanent secretariat for the OIC-CERT, leads the cyber security efforts among the OIC member countries. APCERT was established by leading and national Computer Security Incident Response Teams (CSIRTs) from the economies of the Asia Pacific region to improve cooperation, response and information sharing among CSIRTs in the region. APCERT Operational Members consist of 28 CSIRTs from 20 economies. OIC-CERT was established in January 2009, to provide a platform for member countries to explore and to develop collaborative initiatives and possible partnerships in matters pertaining to cyber security that shall strengthen their self-reliant in the cyberspace. OIC-CERT consists of 33 CERTs, cyber security related agencies and professional from 20 economies. Source: https://www.mis-asia.com/tech/security/cybersecurity-malaysia-in-asia-pacific-drill-to-combat-ddos-attacks/
Tweaking business models for greater 404 kerching The DDoS attack business has advanced to the point that running an attack can cost as little as $7 an hour, while the targeted company can end up losing thousands, if not millions of dollars.…
View the original here:
Did you know: Crimelords behind DDoS attacks offer customer loyalty points?
? Botnet knocked down, but it gets up again ? Aficionados of salacious smut sites in the UK and Canada are picking up some nasty software that infects systems by using corrupted pop-under adverts.…
DDoS attacks can wreak havoc on your company’s efficiency if you’re not careful. The Mirai botnet — malware that can be used for large-scale network attacks — can often go undetected due to common oversights and lack of preparation. It may be daunting to think about how IoT devices that make your company run smoothly can be used against you; however, it doesn’t take much time to set up multiple precautions to prevent it. Below, executives from Forbes Technology Council highlight simple and cost-effective ways that you can safeguard your company from baleful botnets. 1. Start By Looking At Your Infrastructure There are many botnets, Mirai just happens to be one of the largest known ones. Technology companies need to start developing more secure products rather than security being an afterthought. Firms need to look at their internet infrastructure to funnel botnet traffic away from their core business to enable the business to function when these attacks occur. – Heeren Pathak, Vestmark 2. Understand That Anyone Can Be A Target It’s very important to understand that anyone can be a target, no matter if you are a big or small company. If being offline just for a few minutes can cause a big economical impact, then you definitely should find a trusted partner that offers good solutions to mitigate against DDoS attacks. There are some companies offering this kind of service, but a quick Google search should be handy. – Cesar Cerrudo, IOActive 3. Choose The Right Hosting Partners No matter your line of business, your public-facing websites are potential targets of massive DDoS attacks. For business without a dedicated team of security experts, it’s important to choose the right hosting partners. For many customers of AWS, you automatically received free protection against some forms of attacks similar to Mirai botnet with the release of AWS Shield in December of 2016. – Jamey Taylor, Ticketbiscuit, LLC 4. Monitor Your Traffic Companies need to be skeptical of any device they have hanging on their networks. The average company now needs to apply firewall rules on a device-by-device basis, anticipating the possibility of a printer, web camera or AV control system becoming infected. Smart traffic monitoring software and methods of quarantining devices should be commonplace. – Chris Kirby, Voices.com 5. Set Strong, Custom Passwords IT security organizations should ensure their IoT devices have no direct public management access from outside the network. If an IoT device must be managed remotely through publicly accessible IPs, change the management password on the device from the default to a strong, custom one. IT admins need to put intrusion prevention, gateway anti-malware and network sandbox solutions at the network perimeter. – Bill Conner, SonicWall 6. Don’t Rely On The Internet Nearly all consumer products are computer-based in today’s marketplace, which makes reliance on the internet dangerous to a product’s infrastructure. That said, Cloudflare, Akamai and Dynect are solution services that will act as a protective wall for your servers and prevent large-scale network attacks. – Pin Chen, ONTRAPORT 7. Have The Right Company Policies In Place Technology companies should have policies in place to make sure IoT devices default factory credentials are changed as soon as they are procured. Will this guarantee they will never get infected with Mirai botnet? No. But this basic step along with modifying factory default privacy and security settings, firmware updates, audits, etc. will reduce the chances of an IoT device being infected. – Kartik Agarwal, TechnoSIP Inc 8. Cooperate And Act Mirai shows how an internet of everything can cause new kinds of net-quakes. Attackers can fire so much hostile traffic at one target that it takes down entirely unrelated sites nearby, in effect, causing major collateral damage. Unfortunately, there’s no simple defensive fix — it takes cooperation and active network control to deflect traffic tsunamis. – Mike Lloyd, RedSeal 9. Be Prepared Large-scale network attacks are not going away, and technology companies need to ensure they’re prepared. Doing a security audit of what protections are currently in place, and looking for existing holes that need to be plugged, is a good place to start. Also, make sure any IoT devices used at your company have security in place to prevent them from becoming part of this bot army. – Neill Feather, SiteLock Source: https://www.forbes.com/sites/forbestechcouncil/2017/03/16/nine-ways-to-protect-your-technology-company-from-ddos-attacks/2/#73d67f6a7178