Category Archives: DDoS Vendors

DDoS Defense: Better Traction in Tandem?

DDoS attacks are nothing new, but they remain the nemesis of many IT departments in organizations big and small. Why? Because attacks can come from any source, use multiple protocols, leverage massive botnets and often aren’t detected until it’s too late. According to SecurityWeek, the U.S. Department of Homeland Security (DHS) is now developing a new kind of DDoS defense, one based on collaboration rather than isolation. But can companies really get better security traction in tandem rather than acting alone?

Big Numbers, Big Problems

As noted by Dark Reading, DDoS attacks “are growing in frequency, size, severity, sophistication and even persistence each year.” Since there’s no single vector for these attacks — coupled with the fact that many look like server or network failures at first glance — it’s no wonder both small companies and large enterprises are getting hit, and hit often. Consider Rutgers University: In 2015, the institution faced six separate DDoS events. Financial institutions and government organizations faced many more, both attempted and successful, because the mechanism for attacks remains simple: Malicious actors need only reliable botnets and solid connections to launch a full-scale effort.

The speed and simplicity of DDoS attacks are also encouraging malicious actors to ramp up their efforts. According to BetaNews, for example, the BBC was hit with a massive attack on New Year’s Eve that — if the attackers themselves are telling the truth — reached a maximum of 602 Gbps. That’s almost double the size of the current DDoS record holder at 334 Gbps. The group responsible, called New World Hacking, also targeted Donald Trump’s website and said it had plans to go after ISIS-related sites, although it claimed the BBC attack was merely a test and not intended to bring the site down for hours. Some security pros said the group may be targeting high-profile sites in an effort to promote its in-house DDoS tool, BangStresser.

Stopping Traffic With DDoS Defense

With DDoS tools and hacking-as-a-service now available for purchase at virtually any Dark Web marketplace and effectively being advertised through public attacks, companies are understandably concerned. Even when caught midstream, it’s difficult to respond before servers start failing and other, more sophisticated attacks take aim at critical corporate data. As a result, dealing with DDoS has become a top priority for organizations like the DHS, which just awarded a $1.7 million contract to tech company Galois in hopes of strengthening DDoS defense.

The biggest news from the announcement is the development of a new project called DDoS Defense for a Community of Peers (3DCoP), which uses a peer-to-peer mechanism that allows organizations to work together and collectively defeat DDoS attacks. The thinking here is that since many companies and institutions are often targeted by similar attacks, a coordinated response increases the chance of early detection and swift response, in turn lowering overall damage.

Historically, businesses have been reluctant to share attack data or collaborate on defense for fear of giving away trade security secrets or seeming weak in comparison to other companies. The high-volume, high-impact nature of DDoS attacks, however, makes this an untenable position; users don’t care about protecting company pride if the result is reduced compute performance or total server failure. If the DHS effort works as intended, however, organizations should be able to collectively tap the power of the combined whole and get better traction on DDoS defense. In other words, a steady security climb instead of spinning wheels.

Source: https://securityintelligence.com/news/ddos-defense-better-traction-in-tandem/


Group using DDoS attacks to extort business gets hit by European law enforcement

On 15 and 16 December, law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom joined forces with Europol in the framework of an operation against the cybercrimin…


DDoS attack on Pakistan Government Websites on Live Radio

Dozens of government websites in Pakistan have been targeted by hackers, including one military site that was taken down during a live radio interview with one of the group’s members. The organization responsible, known as New World Hackers, performed a distributed denial of service (DDoS) attack on Pakistan’s Frontier Constabulary website during an appearance on the AnonUK Radio Show on Sunday, following a weekend of sustained attacks on government sites.

“It’s not that the Indian hackers want to attack Pakistani sites, there is a war between them and the Pakistani hackers,” the New World Hackers member says. “We upgraded the capabilities of the Indian hackers.

“The Pakistani hackers always wish to fuck with India. The Indian hackers are actually the good guys.”

Pakistan’s Frontier Constabulary did not respond to a request for comment.

Source: http://www.newsweek.com/hackers-take-down-pakistan-government-websites-live-radio-413888


Minnesota Courts Website Target Of DDoS Attacks

A week after the Minnesota courts website was completely shut down for 10 days in December, we’re finally finding out why. The Minnesota Judicial Branch says its website was the target of two distributed-denial-of-service (DDoS) attacks. In a DDoS attack, a website or server is overwhelmed with network traffic until it can no longer function for legitimate users.

The MJB says the attacks in December left its site unusable to members of the public for several hours, and the site was eventually completely shut down from Dec. 21 to 31 in order to install additional safeguards. Officials say no personal data was breached as a result of the attack — DDoS attacks are typically used to sabotage a website or server, rather than steal information. Authorities say initial forensics show the attacks were primarily launched from servers in Asia and Canada, and international authorities are investigating.

Source: http://minnesota.cbslocal.com/2016/01/08/minnesota-courts-website-target-of-ddos-attacks/


Linode Resets Customer Passwords After Breach, DDoS Attack

Cloud-based webhost Linode absorbed another body blow on Tuesday when it said it was resetting customer passwords after a suspected breach. The development compounded the company’s existing woes as it continues to battle a distributed denial-of-service attack that began on Christmas. A Linode representative said late Tuesday its executives were unavailable for comment and that an investigation was ongoing.

The password breach was announced after the company said three accounts were accessed without permission and it discovered two Linode.com user credentials on an “external machine.”

“This implies user credentials could have been read from our database, either offline or on, at some point,” Linode said in an advisory to customers. “The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials.”

Linode said it notified the customers whose credentials were found on outside machines and said there was no evidence of further intrusion into host or virtual machines. Linode markets its services toward developers and offers quick, scalable solid state drive server deployments.

As of this morning, portions of the Linode website were still inaccessible, and the company said it has not been able to determine whether the DDoS attack and the password breach are related attacks. In the past, experts have warned that criminals will use easy-to-mount DDoS attacks against a target in order to distract IT and security staff away from the real target.

“The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We’ve retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings,” Linode said.

“You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be.”

Linode was relatively quiet about the DDoS attack until a New Year’s Eve blogpost from network engineer Alex Forster. Forster said that a criminal gang was using a botnet to fire bad traffic at Linode’s authoritative nameservers, causing DNS outages. All public-facing websites and web and application servers were also targeted, taking down Linode Manager. The attackers also sent traffic at Linode’s colocation provider’s upstream routers and its internal network infrastructure, causing packet loss. In all, Forster said there were more than 30 attacks carried out in the week between Christmas and New Year’s Eve.

Source: https://threatpost.com/linode-resets-customer-passwords-after-breach-ddos-attack/115790/#sthash.PPbMALPg.dpuf


Bitcoin exchange BTCC stands firm against DDoS ransom hacker and wins

Bitcoin exchange BTCC Technology Ltd. had an interesting time over the new year when it was targeted by a Bitcoin-for-DDoS (Distributed Denial of Service) attack, but in a great story we don’t see often enough, the company held steady and won, complete with a hilarious ending.

The company first came under DDoS attack on December 31 when it received an email from an unknown source demanding it pay 1 Bitcoin ($430) in ransom or the attacks would escalate. Having ignored the demand, on New Year’s Day BTCC was targeted with a 10 Gbps DDoS attack, the strength of which was not expected by the company’s DDoS mitigation service. According to a post on Reddit, the DDoS protection provider said something along the lines of “This thing is huge! You guys aren’t paying us enough for this!” so BTCC paid them more, and the site stayed up.

Naturally, as these things go, the second attack was followed by a new ransom demand by the hacker, who was now asking for a payment of 10 Bitcoin ($4300) to prevent a further attack. Instead of paying, BTCC just battened down the hatches waiting for the next attack. Another, more intense DDoS attack of several hours then followed, causing BTCC’s servers to experience some performance issues, including a partial loss of functionality. BTCC still refused to pay the ransom and instead upgraded their servers to cope even better with the increasing attacks.

Another ransom email demand was received, with a demand for payment of 30 Bitcoins ($12924) with the hacker adding “We will keep these attacks up until you pay!…. You had better pay up before you go bankrupt! Mwa ha ha!” BTCC once again ignored the demand, and the attacks recommenced, complete with more demands for Bitcoin.

At this point BTCC had ramped up their mitigation efforts so much that no matter how much traffic the hacker sent it didn’t affect their service at all, to the point that the company stopped noticing many of the attacks as they usually failed to disrupt their networks for more than a few minutes after the upgrades they rolled out.

Winning

Around this point, despite his or her best efforts and multiple demands, the hacker gave up trying to take the site down, but not before sending one last, hilarious plea to BTCC. “Hey, guys, look, I’m really a nice person. I don’t want to put you all out of business. What do you say we just make it 0.5 BTC and call it even?” This email was, like those before it, ignored by BTCC, which resulted in one final email from the now disgruntled, losing hacker: “Do you even speak English?” and that was that.

Although DDoS attacks are serious business and not every company has the capacity to put into place defensive measures, sometimes a story just makes you want to smile. BTCC 1 vs hacker 0.

Source: http://siliconangle.com/blog/2016/01/06/great-story-bitcoin-exchange-btcc-stands-firm-against-ddos-ransom-hacker-and-wins/


BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities

Hackers against the Islamic State or ISIS have claimed that the BBC website downtime during New Year’s Eve was their DDoS attack, but with no bad intentions. BBC websites were down for several hours during the evening before January 1, 2016. A company source inside BBC admitted that there was a distributed denial of service attack that took the websites down.

Now, an anti-ISIS hacker group named New World Hacking is claiming that they were the reason why the BBC websites were unavailable for quite a long duration. However, they did not hack the website to cripple its capability to disseminate news and such. New World Hacking said that they were just testing their capabilities on BBC’s servers. They did not intend to take the site down for hours.

“Let me get you proof of our records really quick, our motive was simply because we can. It was almost exactly a 600 GBps attack. We used two nodes to attack with and a few extra dedicated servers. It was only a test, we didn’t exactly plan to take it down for multiple hours. Our servers are quite strong,” the group told Rory Cellan-Jones from BBC via Twitter.

DDoS Attacks In A Nutshell

For the uninitiated, a DDoS attack does not really involve a direct “hack” or penetration of a database, but it could be used as a cover. What happened was that the BBC websites experienced a massive flow of web traffic that came from the hacker group. The websites were not able to keep up with the continued barrage of web traffic, resulting in them shutting down.

There are different types of DDoS attacks that can be carried out. Some of the attacks directly flood the websites with more traffic than they can handle. Some send only fragments of data packets, which usually leads to the server spending its resources piecing them back together instead of catering to its legitimate site visitors. In order to conduct a successful DDoS attack, hackers usually use a wide network of computers known as botnets. These botnets may consist of their own computers or compromised ones across the globe using their own malware.

Attack Only A Test, Not Malicious

New World Hacking said that they are based in the United States and that they are determined to take down any ISIS affiliated sites and online accounts. Anonymous has previously declared a cyber-war against ISIS as they continuously help in taking down online propaganda and recruitment sites. BBC’s press office refused to comment on the hacker group’s claim. They also neither confirmed nor denied whether the DDoS attack was the cause of the website’s temporary downtime.

“We realise sometimes what we do is not always the right choice, but without cyber hackers… who is there to fight off online terrorists? The reason we really targeted [the] BBC is because we wanted to see our actual server power,” the group told BBC.

One person named Ownz from the hacker group said that they were only a team of 12 people. Eight of them were male and four of them were female. Ownz claims that New World Hacking was formed in 2012.

Hacker groups are not new, but only a handful of them have actual good intentions. With ISIS trying to recruit followers and jihadists online, these hackers have stepped up to try and stop them from doing so. Some Internet users are cheering them on, while some have questioned their methods and capabilities. At the core, all the soldiers deployed across the globe are considered heroes and not the hackers.

New World Hacking Campaigns

New World Hacking claims that they have already done their part in making the world a better and safer place. They took part in the #OpParis effort in order to help determine the identities of IS affiliated accounts after the terrible Paris attack tragedy in November 2015. Ownz also said that they took part in a campaign against the Ku Klux Klan.

Ownz said that they are using a hacking tool named Bangstresser. They claim that they have already used the tool against several IS websites. Bangstresser was said to be developed by another U.S.-based hacker activist. New World Hacking tried out the tool against the BBC websites along with several of their personal computer servers and possibly botnets.

Ownz told the BBC that they are planning to attack a new list of ISIS targets online. It is unclear which sites they are referring to, but they were not disclosed in order to help protect the integrity and effectiveness of their campaign.

BBC Websites And Services Downtime

BBC websites started to be down at around 7 PM on Thursday. Instead of the website interface, visitors were greeted with an error. In addition to the websites, the iPlayer Radio app and iPlayer catch-up service were also down. The iPlayer app was recently launched for the Apple TV App Store in December 2015.

Twitter (NASDAQ: TWTR) users replied to the BBC Press Office’s announcement that they were aware of the “technical issue.” Some have suggested that they should try turning their servers off and on again. Some have also taken the news in a lighter tone, saying that the HR department should be blamed for insisting the unused leaves be used before 2015 ended. Others took the chance to mock BBC, saying that they shouldn’t rush because they know BBC is telling the truth when they are silent. Other users have also asked if it was a DDoS attack, but no replies were given by BBC. Some users have also reported that the BBC Bitesize and BBC Food recipes were down as well.

BBC websites started to be back online at around 10:30 PM. However, some of the websites took longer than usual to load. All of the services and websites functioned normally several hours later.

New World Hacking did not say why they chose the BBC services and websites as a test target for their attacks. However, one possible reason is to demonstrate the scale and power of their attacks by attacking one of the most known broadcasting corporations in the world.

Source: http://www.biztekmojo.com/001843/bbc-websites-services-taken-down-anti-isis-hacking-group-testing-their-capabilities


Valve Reveals Details About Christmas Issues, Personal Info Was Shown, DDoS Attack Involved

Christmas is usually a very busy time for Valve because of the major sales that the company has a habit of running on the Steam digital distribution system, and this year the company had to deal with a set of problems linked to the service and with the way the user base perceived them as an attack that had the potential to affect their personal data.

In a new official site article, the studio delivers more information about what happened on December 25, saying that between 11:50 and 13:20 Pacific Standard Time store page requests for around 34,000 users, containing personal information, were seen by others.

Valve admits, “The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.”

The company also delivers an apology to all those affected by the Christmas problem. Despite the fact that some sensitive information was shared with others, the company makes it clear that users have to take no further action because the Steam system does not allow for it. This means that even if there are plans to work with a third-party company and contact those affected once they have been identified, no action on their part is required to make sure that the accounts are safe.

Valve also explains that the problem was created because of a DDoS attack that combined with increased Winter Sale traffic to affect the caching of pages and forced the company to take down the store and deal with the problem. The company makes it clear that such attacks have not managed to break its security and are routinely dealt with.

Steam continues to dominate PC digital distribution

Valve needs to keep its services as secure as possible to stay in the lead on the PC and to continue offering players a wide variety of video games and some spectacular price cuts on special occasions. The Winter Sale is running at the moment, with more than 10,000 video games offered at reduced prices each day and a set of special trading cards that gamers can earn and use to tweak their profile.

In late 2015 Valve also introduced the Steam machines, created in collaboration with a wide variety of partners, and the special controller, which offers plenty of new options for PC gamers who want to stay away from their monitors or share a couch with friends. In 2016, the company is planning to also enter the virtual reality space with Vive, which is created in partnership with HTC and does not yet have an official launch date or an attached price. The device was expected to arrive before the end of 2015, but Valve decided to delay it because of a major tech-related breakthrough that’s supposed to improve the user experience once the headset is commercially available.

Source: http://news.softpedia.com/news/valve-reveals-details-about-christmas-issues-personal-info-was-shown-ddos-attack-involved-498289.shtml


BBC reports on BBC tweet about BBC websites DDoS

The BBC’s website and iPlayer service went down on Thursday morning following a cyber attack, causing widespread panic on social media.

A BBC Technology journalist later posted an article on their website saying a “large web attack” had “knocked” their websites offline. Sources within the BBC said the sites were down “thanks to what is known as a ‘distributed denial of service’ attack”.

A National Crime Agency spokesperson said: “DDoS is a blunt form of attack which takes volume and not skill. It’s a very basic attack tool. One analogy is too many people trying to get through a revolving door at the same time so that the door gets stuck.”

Social media reaction to the trouble was swift. Many urged the BBC to get the site back up quickly and lamented how long it was taking to fix the technical trouble. Among the Twitter users to pass comment was Stephen Fry.

Professor Tim Watson, Director of Cyber Security at the University of Warwick, said: “The BBC site will expect lots of traffic and they are a high profile target so you would expect them to have all kind of protection against a DDoS attack.

“They will be used to having lots of visitors but usually people visit the site at different times and are not repeatedly asking for lots of information.

“The way a DDoS attack works is by having control of thousands or millions of computers on a ‘botnet’ – so as people get their computers compromised by visiting websites or clicking on malicious links in emails, they can be remotely controlled and then coordinated to all visit a website at the same time.

“So you can have millions of computers all making repeated visits to the same page over and over again and that is how you flood a website to the point where legitimate users can’t get access.”

Professor Watson said there are a number of ways big corporations can protect against these kinds of attacks but they are expensive. One way of protecting a site is to have something called “fat pipes” – very large data cables capable of dealing with incredibly high amounts of traffic – combined with really fast computers which can filter out anything like DDoS traffic and re-route legitimate traffic back to the main website.

But Professor Watson asked: “Is it a good use of licence payers’ money to have fatter pipes just on the off chance that one day someone might want to take down the BBC website with a DDoS attack?”

Cyber security expert Professor Alan Woodward, from the University of Surrey, said an attack like this needs a “degree of coordination”. He said: “I would have thought this could have been so-called hacktivists. The BBC has a large and sophisticated structure themselves and I know they have systems in place to mitigate it so it might have been slightly more than the usual DDoS attack. I can’t see why a cyber criminal would do this, they do this for money, the only people who do this to make a point are hacktivists.

“You have these groups who are doing this to make a point. Nation states often have the capability to do it. The motives tend to be where you have some group like these active hacker squad, phantom squad and lizard squad who do it.”

An official BBC spokesperson said the corporation “are not discussing the causes” of the shutdown “or going into any further detail”. The BBC’s main website is the 89th biggest in the world, according to web analytics firm Alexa, and is the seventh-ranked site in the UK.

Twitter goes into meltdown

As BBC technicians frantically attempted to work out how to get their website back up and running, Twitter users had a lot of fun as #BBCDown began trending. The corporation apologised for the inconvenience on a number of Twitter feeds, blaming the website and its iPlayer services going down for over an hour on a “technical issue”. It later emerged the corporation had suffered a DDoS – a distributed denial of service – attack.

Source: http://www.telegraph.co.uk/news/bbc/12075679/BBC-website-crashes-and-Twitter-goes-into-meltdown.html
