Category Archives: DDoS Vendors

Justice Charges Hackers From Lizard Squad, PoodleCorp

Two teenagers face charges from the U.S. Justice Department for allegedly being members of well-known hacking groups Lizard Squad and PoodleCorp. On Thursday (Oct. 6), Krebs on Security reported that the pair have been charged with credit card theft and operating services that enabled paying customers to launch cyberattacks with the intention of knocking websites offline. The two 19-year-olds, Zachary Buchta and Bradley Jan Willem van Rooy, are believed to have conspired to cause damage to protected computers. “The charges are the result of an international investigation into the computer hacking groups ‘Lizard Squad’ and ‘PoodleCorp,’ according to a criminal complaint and affidavit filed in U.S. District Court in Chicago,” a statement from the U.S. Attorney’s Office for the Northern District of Illinois said. “Buchta and van Rooy allegedly conspired with others to launch destructive cyberattacks around the world and trafficked payment accounts that had been stolen from unsuspecting victims in Illinois and elsewhere,” it continued. Last year, the U.K.’s National Crime Agency (NCA) arrested six teenagers for allegedly attempting to access a tool used by the Lizard Squad hacker group. Just days after those arrests were made, the NCA itself was taken down by a targeted cyberattack. The NCA’s website was down for more than an hour and was the target of a distributed denial-of-service (DDoS) attack. In DDoS attacks, hackers bombard a targeted website with an overflow of data, eventually causing the entire network to crash. Lizard Squad took to Twitter shortly after the attack to take credit for the site shutdown. The group also gained press last year for supposedly launching a new business venture that allows anyone to join its security-breaching ways for a low cost of $6 a month. The subscription service known as LizardStresser allows subscribers to obtain a distributed denial-of-service attack tool. “This booter is famous for taking down some of the world’s largest gaming networks, such as Xbox Live, Playstation Network, Jagex, BattleNet, League of Legends and many more!” the LizardStresser homepage boasted at the time. “With this stresser, you wield the power to launch some of the world’s largest denial-of-service attacks.” Source: http://www.pymnts.com/news/security-and-risk/2016/hackers-from-lizard-squad-poodlecorp-arrested/

Visit link:
Justice Charges Hackers From Lizard Squad, PoodleCorp

73% of organisations across the globe have suffered a DDoS attack

A new report from analytics firm Neustar has brought to light the amount of companies around the world who have suffered a DDoS attack, and how they are working to mitigate them. Nearly three-quarters (73 percent) of organisations worldwide have suffered a DDoS attack and 76 percent are investing more in response to the threat of such attacks.  For its new global report, Neustar studied 1,002 directors, managers, CISOs, CSOs, CTOs and other C-suite executives to discover how DDoS attacks are affecting them and what they’re doing to mitigate the threat. Respondents represent diverse industries such as technology (18 percent), finance (14 percent), retail (12 percent) and government (seven percent) in North America, EMEA, and Asia Pacific. In EMEA, 75 percent of organisations were attacked. Nearly half (48 percent) were attacked six or more time and 32 percent encountered malware after a DDoS attack. Almost a quarter (21 percent) of attacked organisations reported customer data theft and 70 percent of those specific respondents said they learned of the attack from outside sources, such as social media. Globally, 30 percent of organisations took less than an hour to detect a DDoS attacks. In  EMEA, 37 percent of organisations took three or more hours to detect attacks. Despite only two percent of reported attacks exceeding 100+ GBPS, recent DDoS attacks have reached over 620 Gbps and up to almost 1 Tbps in attack size. Organisations are seeking to stay one step ahead of the game and protect against DDoS attacks. To prevent and protect against future attacks, organisations are using: Traditional firewall ISP based prevention (53 percent) Cloud service provider (47 percent) On-premise DDoS appliance and a DDoS mitigation service (36 percent) DDoS mitigation service (29 percent) DDoS mitigation appliance (27 percent) CDN (14 percent) WAF (13 percent) No DDoS protection is used in four percent of organisations. Nearly two-thirds (61 percent) have adopted and actively use IoT devices. In all, 82 percent of IoT adopters experienced an attack compared to just 58 percent of those who have not yet done so. Moreover, 43 percent of IoT adopters that were attacked are investing more than they did a year ago. In emailed commentary to  SCMagazineUK .com, Paul McEvatt, senior cyber-threat intelligence manager, UK & Ireland at Fujitsu said, “This latest report revealing the different levels of DDoS attacks has really highlighted the issues with the security of Internet of Things devices, with 82 percent of IoT adopters having experienced an attack compared with just 58 percent of those who have not yet done so. When internet-connected devices are hacked, it again brings to the surface the security risks we face as technology touches every aspect of daily life.  McEvatt added, “The issue is that businesses are failing to understand what is needed for a robust application of security from the outset, whether that’s for routers, smart devices or connected cars. Various attackers use online services to look for vulnerable IoT devices, making organisations an easy target for low-level cyber-criminals. The worrying reality is that security is often an afterthought and security fundamentals are still not being followed such as changing default passwords. Many of the cameras used in the recent DDoS attacks were shipped and left connected to the internet with weak credentials such as root/pass, root/admin or root/1111111, so it is little wonder these devices continue to be compromised.” Source: http://www.scmagazineuk.com/73-of-organisations-across-the-globe-have-suffered-a-ddos-attack/article/527211/

More:
73% of organisations across the globe have suffered a DDoS attack

53% of DDoS attacks result in additional compromise

DDoS attack volume has remained consistently high and these attacks cause real damage to organizations, according to Neustar. The global response also affirms the prevalent use of DDoS attacks to distract as “smokescreens” in concert with other malicious activities that result in additional compromise, such as viruses and ransomware. “Distributed denial-of-service attacks are no longer isolated events limited to large, highly visible, targets. Sophisticated attacks hit companies of all sizes, in all industries,” said Rob … More ?

View article:
53% of DDoS attacks result in additional compromise

Source code unleashed for junk-blasting Internet of Things botnet

Hackforums leak Malicious code used to press-gang IoT connected devices into a botnet was leaked online over the weekend.…

Taken from:
Source code unleashed for junk-blasting Internet of Things botnet

Why a massive DDoS attack on a blogger has internet experts worried

Someone on the internet seems very angry with cybersecurity blogger Brian Krebs. On 20 September, Krebs’ website was hit with what experts say is the biggest Distributed Denial of Service (DDoS) attack in public internet history, knocking it offline for days with a furious 600 to 700 Gbps (Gigabits per second) traffic surge. DDoS attacks are a simple way of overloading a network router or server with so much traffic that it stops responding to legitimate requests. According to Akamai (which had the unenviable job of attempting to protect his site last week), the attack was twice the size of any DDoS event the firm had ever seen before, easily big enough to disrupt thousands of websites let alone one. So why did someone expend time and money to attack a lone blogger in such a dramatic way? Krebs has his own theories, and the attack follows Krebs breaking a story about the hacking and subsequent takedown of kingpin DDoS site vDOS, but in truth nobody knows for certain and probably never will. DDoS attacks, large and small, have become a routine fact of internet life. Many attacks are quietly damped down by specialist firms who protect websites and internet services. But the latest attack has experts worried all the same. Stop what you’re doing DDoS attacks first emerged as an issue on the public internet in the late 1990s, and since then have been getting larger, more complex and more targeted. Early motivations tended towards spiteful mischief. A good example is the year 2000 attacks on websites including Yahoo, CNN and Amazon by ‘MafiaBoy’, who later turned out to be 15-year old Canadian youth Michael Calce. Within weeks, he was arrested. Things stepped up a level in 2008 when hacktivist group Anonymous started an infamous series of DDoS attacks with one aimed at websites belonging to the Church of Scientology. By then, professional cybercriminals were offering DDoS-for-hire ‘booter’ and ‘stresser’ services that could be rented out to unscrupulous organizations to attack rivals. Built from armies of ordinary PCs and servers that had quietly been turned into botnet ‘zombies’ using malware, attacks suddenly got larger. This culminated in 2013 with a massive DDoS attack on a British spam-fighting organization called Spamhaus that was measured at a then eye-popping 300Gbps. These days, DDoS is now often used in extortion attacks where cybercriminals threaten organizations with crippling attacks on their websites unless a ransom is paid. Many are inclined to pay up. The Krebs effect The discouraging aspect of the Krebs attack is that internet firms may have thought they were finally getting on top of DDoS at last using techniques that identify rogue traffic and more quickly cut off the botnets that fuel their packet storms. The apparent ease with which the latest massive attack was summoned suggests otherwise. In 2015, Naked Security alumnus and blogger Graham Cluley suffered a smaller DDoS attack on his site so Krebs is not alone. Weeks earlier, community site Mumsnet experienced a DDoS attack designed to distract security engineers as part of a cyberattack on the firm’s user database. At the weekend, Google stepped in and opened its Project Shield umbrella over Krebs’ beleaguered site. Project Shield is a free service launched earlier in 2016 by Google, specifically to protect small websites such as Krebs’ from being silenced by DDoS attackers. For now it looks like Google’s vast resources were enough to ward off the unprecedented attack, but it’s little comfort to know that nothing short of the internet’s biggest player was the shield that one simple news site needed. With criminals apparently able to call up so much horsepower, the wizards of DDoS defence might yet have to rethink their plans – and fast. Source: https://nakedsecurity.sophos.com/2016/09/29/why-a-massive-ddos-attack-on-a-blogger-has-internet-experts-worried/

View post:
Why a massive DDoS attack on a blogger has internet experts worried

Here’s how security cameras drove the world’s biggest DDoS attack ever

DDoS attacks are reaching monster levels that pose a massive threat The record for the biggest DDoS attack ever seen has been broken once again, with an absolute monster of distributed denial of service firepower managing to almost reach the not-so-magic 1Tbps mark. Technically this was actually two concurrent attacks, although the majority of the traffic was concentrated in one, which is the largest ever recorded single blast of DDoS. As the Register reported, Octave Klaba, the founder and CTO of OVH.com, the French hosting company which suffered the attack, said that the assault consisted of two simultaneous barrages of 799Gbps and 191Gbps, for a total of 990Gbps. The previous largest DDoS was the recent 620Gbps effort that hit ‘Krebs On Security’, the website of security researcher Brian Krebs, which was driven by the same botnet of some 150,000+ compromised Internet of Things devices, routers, DVRs and security cameras responsible for this latest volley. Krebs said he was hit in retaliation to an article posted on his blog, although it isn’t clear why OVH.com came under fire. Massive attacks As Klaba said on Twitter, though, it’s hardly uncommon for his company to experience DDoS, and a tweet outlining the attacks suffered by the organisation over a period of four days this month showed 25 separate attacks which all exceeded 100Gbps (including the two mentioned here). Several others were simultaneous (or near-simultaneous) pairs of attacks, too. He further noted that the botnet in question could potentially up its firepower by some 50% compared to the assault his  company  was hit by, tweeting: “This botnet with 145,607 cameras/dvr (1-30Mbps per IP) is able to send > 1.5Tbps DDoS.” Not only are DDoS attacks getting larger in size, but they are also becoming much more frequent according to a VeriSign report we saw back in the spring – this observed that the number of attacks had almost doubled in the final quarter of 2015, compared to the same period in the previous year. Source: http://www.techradar.com/news/internet/here-s-how-security-cameras-drove-the-world-s-biggest-ddos-attack-ever-1329480

Originally posted here:
Here’s how security cameras drove the world’s biggest DDoS attack ever

Google rushes in where Akamai fears to tread, shields Krebs after world’s-worst DDoS

600 Gbps traffic flood overwhelmed CDN Google has provided free distributed denial of service attack (DDoS) mitigation services to security publication Krebs on Security , stepping in after Akamai withdrew support.…

Continue reading here:
Google rushes in where Akamai fears to tread, shields Krebs after world’s-worst DDoS

Hackers threaten First Securities with DDoS attacks

TAIPEI, Taiwan — First Securities (?????) was blackmailed on Thursday by hackers who threatened to completely disable its trading system with DDoS (distributed denial-of-service) attacks. The hackers asked the brokerage firm to pay 50 bitcoins (approximately NT$940,000), in an email that they sent to First Securities at around 10 a.m. on Thursday. Local newspaper Apple Daily cited an unnamed source as saying that a DDoS attack came at around 11 a.m., stopping all electronic trades. First Securities President Yeh Kuang-chang (???) confirmed that they received the blackmail email but stressed that the firm’s trading system was only slowed down but not disabled by the attacks as reported. The firm has activated a reserve system and, while a small number of investors were affected by the attacks, the system was not paralyzed, Yeh said. He said he believed the situation would be resolved by Friday. Yeh said the firm had reported the incident, which he said had caused no losses to the firm, to the authorities or to the investigation bureau. Yeh also stressed that while the firm had yet to ascertain the origin of the hackers, he had preliminary ruled out the possibility that Thursday’s DDoS attacks were related to the ATM heist aimed at its sister institution — First Commercial Bank — in July. ATMs at 41 First Bank branches were hacked in the incident, with over NT$80 million believed to have been stolen. Seventeen suspects from six countries have been identified in the heist, which involved an international crime ring. The Taiwan Stock Exchange (TWSE) issued a statement at 6 p.m. saying that First Securities suffered from an unknown online attack beginning at 10:50 a.m. and was not able to immediately recover its electronic trading system. The TWSE advised investors to use other forms of trading. TWSE Vice President Chien Lih-chung (???) said the TWSE had informed other securities firms and that no other firms had reported similar blackmail or system problems. Source: http://www.chinapost.com.tw/taiwan/national/national-news/2016/09/23/479195/Hackers-threaten.htm

Read More:
Hackers threaten First Securities with DDoS attacks

Spam is once again on the rise

Spam volume is back to mid-2010 heights, and Cisco Talos researchers say that the Necurs botnet is partly to blame. “Many of the host IPs sending Necurs’ spam have been infected for more than two years. To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions. An infected host might be used for two to three days, and then sometimes not again for two … More ?

Originally posted here:
Spam is once again on the rise