Category Archives: DDoS Vendors

DDoS attack brings down TRAI’s website

Indian telecom regulator TRAI’s official website was brought down on Monday by a hacker group called Anonymous India following the public release of email IDs from which the government body received responses regarding net neutrality. The group also warned TRAI that it would be hacked soon.

“TRAI down! Fuck you http://trai.gov.in for releasing email IDs publicly and helping spammers. You will be hacked soon,” AnonOpsIndia tweeted.

The group claimed to have launched a DDoS (distributed denial-of-service) attack on the website to make it inaccessible. Slamming the government portal, the group posted: “#TRAI is so incompetent lol They have any clue how to tackle a DDoS?”

“But just an alarm for whole #India. You trust incompetent #TRAI who don’t know how to deal with DDoS? Seriously sorry guys. Goodluck!,” it added.

Taking a dig at the personnel at TRAI, it tweeted: “Somebody call ‘brilliant minds’ at TRAI and tell them to stop eating samosas and get back to work coz DDoS attack has stopped from here.”

In response to a Twitter user who asked about the attack, Anonymous India said it was “just preventing spammers from accessing those Email IDs posted by Trai publicly.” It said that TRAI is incompetent in dealing with the internet.

“So those who still think that #TRAi can “handle” the Internet, we just proved you wrong. They just got trolled by bunch of kids. #Incompetence,” the hacker group tweeted.

Following tweets urging the hacker group to stop, Anonymous India did so. However, the group complained that no action had been taken on the email IDs that were revealed.

“Guys http://trai.gov.in is back online and they still haven’t done anything about those Email IDs. You guys told us to stop. We did,” it tweeted.

“So if you guys still think you can have a chat with incompetent #TRAi, go ahead. But WE ARE WATCHING!,” the group posted.

Source: http://indiablooms.com/ibns_new/news-details/N/10099/hacker-group-brings-down-trai-s-website.html


DDoS threat recognized by all members of the C-suite

The increasing number and size of DDoS attacks and their costly and devastating effects on brand perception have not passed unnoticed by North American businesses, most of which have heightened their …


The rise and rise of bad bots – little DDoS

Many will be familiar with the term bot, short for web-robot. Bots are essential for effective operation of the web: web-crawlers are a type of bot, automatically trawling sites looking for updates and making sure search engines know about new content. To this end, web site owners need to allow access to bots, but they can (and should) lay down rules. The standard here is to have a file associated with any web server called robots.txt that the owners of good bots should read and adhere to. However, not all bots are good; bad bots can just ignore the rules!

Most will also have heard of botnets, arrays of compromised users’ devices and/or servers that have illicit background tasks running to send spam or generate high volumes of traffic that can bring web servers to their knees through DDoS (distributed denial of service) attacks.

A Quocirca research report, Online Domain Maturity, published in 2014 and sponsored by Neustar (a provider of DDoS mitigation and web site protection/performance services), shows that the majority of organisations say they have either permanent or emergency DDoS protection in place, especially if they rely on websites to interact with consumers. However, Neustar’s own March 2015 EMEA DDoS Attacks and Protection Report shows that in many cases organisations are still relying on intrusion prevention systems (IPS) or firewalls rather than custom DDoS protection. The report, which is based on interviews with 250 IT managers, shows that 7-10% of organisations believe they are being attacked at least once a week.

Other research suggests the situation may actually be much worse than this, but IT managers are simply not aware of it. Corero (another DDoS protection vendor) shows in its Q4 2014 DDoS Trends and Analysis report, which uses actual data regarding observed attacks, that 73% last less than 5 minutes. Corero says these are specifically designed to be short lived and go unnoticed. This is a fine-tuning of the so-called distraction attack.

Arbor (yet another DDoS protection vendor) finds distraction to be the motivation for about 19-20% of attacks in its 2014 Worldwide Infrastructure Security Report. However, as with Neustar, this is based on what IT managers know, not what they do not know. The low-level, sub-saturation DDoS attacks reported by Corero are designed to go unnoticed but disrupt IPS and firewalls for just long enough to perpetrate a more insidious targeted attack before anything has been noticed.

Typically it takes an IT security team many minutes to observe and respond to a DDoS attack, especially if they are relying on an IPS. That might sound fast, but in network time it is eons; attackers can easily insert their actual attack during the short minutes of the distraction. So there is plenty of reason to put DDoS protection in place (other vendors include Akamai/Prolexic, Radware and DOSarrest).

However, that is not the end of the bot story. Cyber-criminals are increasingly using bots to perpetrate another whole series of attacks. This story starts with another, sometimes legitimate and positive, activity of bots – web scraping; the subject of a follow-on blog – The rise and rise of bad bots – part 2 – beyond web scraping.

Source: http://www.computerweekly.com/blogs/quocirca-insights/2015/04/the-rise-and-rise-of-bad-bots.html


Week in review: APT wars, 18-year-old bug endangers Windows users, and main sources of data breaches

Here's an overview of some of last week's most interesting news and articles: Simda botnet taken down in global operation The Simda botnet, believed to have infected more than 770,000 computers …


Namecheap DNS Under DDoS Attack

Namecheap DNS hosting is under a DDoS attack, and as a result millions of websites are offline. The company issued a statement:

We regret to let you know that we are experiencing a DDoS attack against our default DNS system v2. If your domain name(s) is using DNS system v2, it may not be resolving properly at the moment. Unfortunately, there is no current ETA for the issue, but we are doing our best to mitigate the attack and minimize its effect on the service. We will keep you updated on the progress.

An update was later posted:

Update @ 7:45 AM EDT | 11:45 AM GMT The attack is still ongoing, unfortunately. We are doing our best to mitigate the attack as soon as possible. Your patience and understanding are highly appreciated.

Source: https://www.shieldjournal.com/namecheap-dns-under-ddos-attack/


Borg routers open to repeat remote DoS attack

Patches cooked for five versions of Cisco’s IOS

Remote attackers can send some Cisco routers into a continuous denial of service funk by rebooting network processor chips with a crafted attack. The high-severity hole (CVE-2015-0695) affects the IOS XR software in Cisco ASR 9000 Series Aggregation Services routers running Typhoon-based cards, the second generation of line cards.

The Borg says exploitation could cause “a lockup and eventual reload of a network processor chip and a line card that is processing traffic, leading to a denial of service condition”.

“The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface when any of the following features are configured: Unicast Reverse Path Forwarding, policy-based routing, quality of service, or access control lists,” Cisco says in an advisory. “An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface.”

Users should apply the patches for five versions as there are no workarounds for the flaw. Software newer than version 4.3.0 is unaffected. The Borg does not know of any in-the-wild attacks using the vulnerabilities and has offered some techniques for admins to identify exposure.

Source: http://www.theregister.co.uk/2015/04/16/borg_routers_open_to_repeat_remote_dos_attack/


Asia-Plus’s website hit with DDoS attack again

The website of the Media Holding Asia-Plus has been hit with a distributed denial-of-service (DDoS) attack again. The Asia-Plus website was hit with the DDoS attack on April 14. It is already the third attempt over the past ten days to make the website unavailable to its subscribers.

The first DDoS attack on the Asia-Plus website was conducted on April 3, and it came from practically all domestic Internet service providers. Restoring stable operation of the web resource took nearly three days.

The reasons for these DDoS attacks are still unknown because it is not clear who is behind them. However, it cannot be ruled out that a group of hackers has appeared who want to “test” the steadiness of the site.

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, distributed denial-of-service attacks are sent by two or more people, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reportedly reached an average rate of 28 per hour.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. Denial-of-service threats are also common in business, and are sometimes responsible for website attacks. This technique has now seen extensive use in certain games, used by server owners or disgruntled competitors on games.

Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

Source: news.tj/en/news/asia-plus-s-website-hit-ddos-attack-again


Belgian media company experiences DDoS attack

Rossel, a Belgian media group, experienced a distributed denial of service (DDoS) attack that stretched out for several hours Sunday. One of Belgium’s largest French-speaking newspapers, Le Soir, along with other sites, was affected and temporarily shut down, according to a report by Deutsche Welle.

The attack occurred just days after pro-ISIS sympathizers launched a cyberattack against a French television network and Tunisian extremists took over a Belgian regional government website.

Didier Hamann, director of Le Soir, tweeted that the perpetrator hadn’t yet been identified. Currently no evidence has been uncovered that links the attack to the one that crippled French TV station TV5 Monde. Hamann also noted that the station was regularly targeted by cyber threats, but “this time the firewall is not working as normal.”

Source: http://www.scmagazine.com/ddos-attack-on-belgian-media-group-lasts-hours/article/408998/


Betat Casino Suffers DDoS Attacks

Betat Casino, a popular international online gaming destination, has been subject to Distributed Denial of Service (DDoS) attacks by as yet unidentified hackers, the specialty press reports. The hackers are apparently trying to extort Bitcoins from the operator.

The website made an announcement to its players about the crippled service, in which it revealed the attack and the fact that the hackers wanted 10 bitcoins (currently about $2500) to stop the attack.

“This attack was vicious, massive and widespread and hit our entire range of sub-nets, even our CDN has been compromised (Content Delivery Network) as well as our AWS (Amazon’s Cloud Service),” a Betat spokesperson commented on the attack.

“To say that 45Gbps of bandwidth is a lot is a gross understatement. These hackers have massive capacity and are highly organized. Luckily, we are well equipped to handle these kinds of attacks and while nothing of this magnitude has been recorded on both our front, nor on the service providers experience, we are highly confident that by end of the week we will have the situation under full control. That said, the next 5-7 days will be rough and our customers may experience times of inconsistent performance.”

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Basically, it floods the targeted servers with huge loads of data, making them function much slower or not available at all to their users.

According to the information available on the internet, these types of attacks are either initiated by groups of hackers with their own agenda, or they can be “ordered” through the dark web for as little as $150.

Source: http://casinolocale.net/betat-casino-suffers-ddos-attacks/


The “Great Cannon”: How China Turns Its Web-sites Into Cyberweapons

When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers promptly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that made this attack happen. They’re calling it the Great Cannon.

Separate from but positioned within China’s Great Firewall, this “Great Cannon” injects malicious code as a way to enforce state censorship, using cyberattacks to damage services that help people inside China see banned content.

The Great Cannon is not merely an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.

In this most recent DDoS attack, the Great Cannon worked by weaponizing the web traffic of visitors to Baidu or any website that used Baidu’s extensive ad network. This means anyone visiting a Baidu-affiliated site from anywhere in the world was vulnerable to having their web traffic hijacked and turned into a weapon to flood anti-censorship websites with too much traffic.

This particular attack had a narrow target: specific websites known to circumvent Chinese censorship. But Citizen Lab thinks the Great Cannon could be used in a much broader way. Because it is capable of mounting a full-blown man-in-the-middle attack, it could be used to intercept unencrypted emails, for example.

The attack launched by the Great Cannon appears relatively obvious and coarse: a denial-of-service attack on services objectionable to the Chinese government. However, the attack itself indicates a far more significant capability: an ability to “exploit by IP address”. This possibility, not yet observed but a feature of its architecture, represents a potent cyberattack capability.

As Citizen Lab’s researchers note, it’s fairly strange that China would show off this powerful weapon by using it in such a pointed attack. Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.

The only silver lining here is that this could prompt a more urgent push to switch to HTTPS, given that the Great Cannon only operates on HTTP. This attack makes it painfully apparent that using HTTPS isn’t just a smart safeguard; it is a necessary precaution against effective state-sponsored cyberattacks.

Source: http://www.eaglecurrent.com/technology/the-quotgreat-cannonquot-how-china-turns-its-web-sites-into-cyberweapons-h4121.html
