Hacktivist group Anonymous has been firing up its DDoS cannon again, this time aiming it at Spanish government websites, in support of Catalan independence. The group claimed to have taken offline the website of the constitutional court, which ruled the Catalonian referendum illegal last week. It also defaced the website of the Spanish Ministry of Public Works and Transport with a “Free Catalonia” message. A statement from the group had the following: “In the name of all the Catalan independence and democracy, Anonymous Catalonia asks all the Anons of the world who are in favour of the freedom of expression […] and peaceful dialogue to persist in the #FreeCatalonia operation until 29 October 2017.” Various accounts associated with the disparate group have been tweeting messages with #opCatalunya and #FreeCatalonia, claiming “big attacks are coming”, although the government sites in question appear to be back to normal now. “We wish to state that the Catalan people’s desire to express their will via a referendum is the majority view and cuts across all strata of society and is in keeping with the civic, peaceful and democratic determination expressed in the multitudinous demonstrations held by organised society in favour of its right to decide,” noted another Anonymous branded video. Stephanie Weagle, VP at Corero Network Security, argued that DDoS attacks continue to function as an effective disrupter of businesses and in some cases help to distract IT teams while information is stolen. “In order to effectively protect their networks, prevent disruptions to customer operations, and better protect against service outages, downtime and potential data theft, companies need real-time visibility and mitigation of all DDoS attack traffic targeting their networks, regardless of size or duration,” she added. “Traditional security infrastructure will not stand up to these service interrupting attacks—a dedicated layer of DDoS mitigation is required to eliminate the DDoS threat. Source: https://www.infosecurity-magazine.com/news/anonymous-attacks-spanish/
DDoS attacks have become more extensive and are testing the limits of existing DDoS mitigation tools and practices, as well as affecting online businesses globally. Organizations are experiencing an increase in the magnitude of DDoS attacks, with the average size of attacks over 50 Gbps quadrupling in just two years. What presents a particular risk for organizations is the barrage of short, low volume attacks that mask more serious network intrusions. Frost & Sullivan found … More ?
Ever since the initiation of the hard-fork resulting into a new cryptocurrency – Bitcoin Gold (BTG) – from the bitcoin blockchain, the BTG website has been constantly under DDoS attacks and has not resumed operations ever since. Earlier in the day, a new hard fork in the Bitcoin blockchain network gave rise to a new cryptocurrency Bitcoin Gold (BTG) and ever since then the official website has been constantly under DDoS attacks. This new hard-fork which resulted into a derivative cryptocurrency of the popular Bitcoin, has been aimed for establishing a fair platform different from the Bitcoin network which is alleged to have been dominated by large companies. The existing bitcoin mining process requires high-end powerful computing hardware which is quite a lot expensive and certainly not affordable to ordinary miners. As a result the mining process is said to have got centralised into the hands of large companies. With Bitcoin Gold, the miners aim to democratise the mining process by bringing Bitcoin’s inherent value proposition of having a decentralised mode of operation. The first step of the Bitcoin Gold initiation was to take a “snapshot” of the bitcoin blockchain while creating a replica with new set of rules. Moreover, the BTG technical team has decided to release the cryptocurrency absolutely free for all those who are holding bitcoins at the time of fork. Soon after the process was initiated the BTG developer team had started reporting issues pertaining to DDoS attacks on the website. And even hours after the initiation process the attacks seem to have stopped nowhere denying enthusiasts to keep any track of the newly generated BTG cryptocurrency. Adding to the woes, the additional fact is that the new blockchain hasn’t turned public yet and the explorer and tracking tools have not been released yet. Owing to the controversial and divisive nature of cryptocurrency projects such as the Bitcoin Gold, the denial-of-service attacks have been a common phenomenon in occurrence. Jack Liao, LightningAsic CEO, who is said to be the brain behind the BTG’s creation has been quite vocal and critical about the existing mining process of Bitcoins targeting several companies which are profiting from the mining process. His open criticism could possibly be a reason for such attacks. However, in addition to this, there are other reasons attributed to the cause of criticism for Bitcoin Gold. Few developer channels are quite skeptical about BTG using a process in which the BTG will be privately created before being publicly available as an open-source project. Another cause of concern with the Bitcoin Gold is that it has not solved the risk of a “replay attack” which could possibly increase transaction complications when two completely incompatible version of the bitcoin blockchain will be unable to distinguish from each other. At the press time Bitcoin Gold (BTG) is trading at $262, according to the CoinMarketCap Index. The price of Bitcoin (BTC) took a slight hit after the hard fork, losing more than $300 of its all-time max value of $6,000 per-coin. The Bitcoin Gold is still in the development process and we have yet to hear any official from its developer technical team regarding the future plans and its modus operandi. Source: https://www.coinspeaker.com/2017/10/24/ddos-attack-pulls-bitcoin-gold-website/
The Czech statistical office has reported DDoS (Distrubuted Denial of Service) attacks on websites related to the recent parliamentary elections during the vote count. A number of websites of the Czech statistical office (CZSO) have been subject to cyberattacks during the counting of votes in the Czech parliament’s lower house election, Petra Bacova, the CZSO spokeswoman, told Sputnik Sunday. “The websites related to the parliamentary elections — volby.cz and volbyhned.cz — have temporary failed to function due to DDoS attacks [Distributed Denial of Service] during the vote count on Saturday. These attacks have not affected the overall progress of the election,” Bacova said. The police along with the Czech National Cyber and Information Security Agency have already launched an investigation into the attacks. “Thanks to the rapid response, the attacks on the both aforementioned servers have been neutralized, while the work of the websites has been resumed,” Bacova said. The Czech Republic held an election to the lower house of the parliament on Friday-Saturday. The centrist ANO political party won the election, receiving 29.64 percent of votes. Czech President Milos Zeman stated that he was ready to appoint Andrej Babis, ANO’s leader, as Czech prime minister. Source: https://sputniknews.com/europe/201710231058456317-czech-election-hit-cyberattack/
Necurs botnet spreads ransomware carried in Office documents The ever-vigilant folk at the Internet Storm Centre (SANS) have spotted yet another campaign trying to drop the Locky ransomware using compromised Word files.…
Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The apps’ capabilities The apps posed as legitimate offerings that modify the look of the characters in Minecraft: Pocket Edition (PE). In the background, though, they set out to rope the devices into a botnet. Once they were installed on a target device, they would connect to a C&C server, … More ?
VANCOUVER, British Columbia, Oct. 18, 2017 (GLOBE NEWSWIRE) — Internet Security announced today that they have released a new Application Programming Interface(API) for their latest generation of Internet Security Services Software, enabling NSPs, ISPs and Security as a Service companies to directly access any and all of DOSarrest’s cloud based Security Services. This allows any organization to integrate into their existing customer portals any of DOSarrest’s services which include DDoS protection, CDN, best of breed WAF, global load balancing as well as any future services on their aggressive roadmap. Some of the features of the API allow subscribers to auto provision, dynamically spin up/down instances and capacity as required and pick and choose whatever components they need from DOSarrest’s numerous DDoS and WAF elements. This is a new “restful” API, making integration as easy as it gets. Subscribers can also leverage DOSarrest’s Big data analytics engine to manipulate and display logging data as they see fit. Brian Mohammed Director of Sales and Marketing states, “We have had many enquiries from large telcos, especially in Europe, who like and want our service but need an API. We listened and here it is.” Mohammed adds, “This allows virtually anyone to use our services to ensure their customers’ websites are secure from any attack be it large volumetric or a small sophisticated layer 7 attack, all the while it looks like it’s their own service, on-demand.” Mark Teolis, CEO of DOSarrest explains, “We are also willing to build a custom portal for companies that don’t have an in house programming staff to use the new API; why not use our in house development group to help you make it?” In addition, Teolis states, “Once you subscribe to the new API you will have access to all future services, and there are some good ones on the way.” About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, B.C., Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Additional Web security services offered are Cloud based W eb A pplication F irewall (WAF) , V ulnerability T esting and O ptimization (VTO) , DataCenter Defender – GRE as well as cloud based global load balancing . Source: https://globenewswire.com/news-release/2017/10/17/1148970/0/en/DOSarrest-releases-new-API.html
How is cyber terrorism defined and how likely is an attack? Everyone is familiar with what “terrorism” means, but when we stick the word “cyber” in front of it, things get a bit more nebulous. Whereas the effects of real-world terrorism are both obvious and destructive, those of cyber terrorism are often hidden to those who aren’t directly affected. Also, those effects are more likely to be disruptive than destructive, although this isn’t always the case. Cyber terrorism incidents One of the earliest examples of cyber terrorism is a 1996 attack on an ISP in Massachusetts. Cited by Edward Maggio of the New York Institute of Technology and the authors of Internet: A Historical Encyclopedia, Volume 2 , a hacker allegedly associated with the white supremacist movement in the US broke into his Massachusetts-based ISP after it prevented him from sending out a worldwide racist message under its name. The individual deleted some records and temporarily disabled the ISP’s services, leaving the threat “you have yet to see true electronic terrorism. This is a promise” While this is a clear example of a cyber-terrorist incident carried out by a malicious, politically motivated individual that caused both disruption and damage, other frequently listed examples fit less clearly into the category of “terrorism”. For example, while attacks that have taken out emergency services call centres or air-traffic control could be considered cyber terrorism, the motivation of the individuals is often unclear. If a person caused real-life disruption to these systems, but had no particular motivation other than mischief, would they be classed as a terrorist? Perhaps not. Similarly, cyber protests such as those that occurred in 1999 during the Kosovo against NATO’s bombing campaign in the country or website defacements and DDoS attacks are arguably online versions of traditional protests, rather than terrorism. Additionally, in the case of civil war, if one side commits a cyber attack against the other then it can be said to be more of an act of war – or cyber war – than one of cyber terror. Again, where there is a cold war between nations, associated cyber attacks could be thought of as sub-conflict level skirmishes. Indeed, the FBI defines cyber terrorism as “[any] premeditated, politically motivated attack against information, computer systems or computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents”. Under this definition, very few of the tens-of-thousands of cyber attacks carried out every year would count as cyber terrorism. The future of cyber terrorism As the number of connected devices increases, the likelihood of a more destructive cyber terrorist incident – something on a par with an attack in the physical world – becomes increasingly possible. The security industry is full of stories and proofs of concept about hacking medical devices, with two particularly famous demonstrations being given by New Zealander Barnaby Jack. This opens up the possibility for targeted assassinations or mass-scale killings carried out remotely and potentially across borders. Similarly, there are concerns self-driving vehicles could be turned into remote-controlled missiles and used in an attack, although the counter argument is that such vehicles will make the roads safer in the face of terrorists driving conventional vehicles into crowds. Another possible style of cyber terrorism is disruption of infrastructure in a way that could potentially endanger life. For example, in 2016 an unknown actor caused a disruption that saw two apartment buildings in Finland lost hot water and heating for a week in the dead of winter. In locations as cold as Finland, actions like this could cause illness and death if widespread and sustained. Nevertheless, the likelihood is most serious cyber attacks will be acts of cyber warfare, rather than cyber terrorism, as nation states have larger and more sophisticated resources at hand. Source: http://www.itpro.co.uk/security/29726/what-is-cyber-terrorism
CDNeworks research shows 54% of businesses were hit by distributed denial of service attacks in the last year, and many feel they are underinvesting in cyber defences. More than half of businesses (54%) have been victims of successful distributed denial of service (DDoS) attacks over the past 12 months, according to research from cloud security firm CDNetworks. The company surveyed 305 organisations in the UK, Germany, Austria and Switzerland about the technologies that protect them from cyber attacks. Some 83% of the respondents felt either confident or very confident about their cyber defences, but 44% felt they were currently underinvesting in anti-DDoS technologies. Chris Townsley, Emea director for CDNetworks, told Computer Weekly that this mix of opinions was strange. “Not only is there widespread complacency – the overwhelming confidence in DDoS protection, undermined by the high proportion of businesses suffering successful attacks – but there is also a significant number of businesses that are worried that they have not invested enough,” he said. “It is odd to see so much confidence alongside such doubt about whether enough is being done.” The survey also found that 64% of organisations said they would be investing more in such technology over the next year, and in terms of expectation of an attack, 79% rated the likelihood of an attack as between “likely” and “almost certain”. This attitude is reflected in the frequency of incidents, with 86% saying they had suffered a DDoS attack in the previous 12 months. The size of attacks is also growing. In the first half of 2015, the largest DDoS attack recorded was 21Gbps, but during the equivalent period in 2016, it was 58.8Gbps. Also, 31% of attacks in the first half of 2016 were 50Gbps or more, but there were no attacks of that size in the first half of 2015. Townsley added: “As the size of attacks increases, businesses need to look more at protection from the edge and not at the origin or datacentre. “As the size of traffic increases, so does the likelihood that the bandwidth of the origin server will be saturated, no matter what protection is in place to keep it up and functioning. “Also, with the frequency of attacks increasing, businesses should move to a mindset of ‘when’ and not ‘if’ an attack will occur.” When asked whether the number of successful attacks was due to businesses buying the wrong security products, Townsley said: “It could be that the type of protection was not suitable, or was suitable for some types of attack but not all. As the types of attack are changing all the time, products can become obsolete.” Source: http://www.computerweekly.com/news/450428288/More-than-half-of-businesses-fell-victim-to-DDoS-attacks-in-the-past-year-survey-shows
There seems to be some turbulence going on in the murky world of the dark web, with four of its major drug marketplaces unexpectedly going offline, reports said. The dark web is a section of the internet where people contact each other anonymously without the fear of being monitored. It is usually used by criminals to sell drugs, chemicals, weapons, child abuse images and even offer assassination services. Websites The Trade Route, Tochka, Wall Street Market and Dream Market, were down without any notification or clarification from the sites’ administrators. According to some users of such markets, this might either be a DDoS attack by a hacker or a large scale action by law enforcement authorities. However, there are more chances of the former happening than the latter. Some dark web users have also started complaining of botnet attacks. Another farfetched theory is that this is scam by a bunch of drug dealers — taking off with the money of their clients while not providing them with the required merchandize. With no notification or clarification from the sites’ administrators, the exact reason for the sudden disappearance of such marketplaces remains unclear. However, a user going by the name Automoderator commented on a the subreddit /r/DarkNetMarketNoobs that the WallStreetMarket is not listed currently, as it is facing “very serious issues” and warned others to avoid it all costs. Some other users on the subreddit say that the Dream Market has been working fine on all its mirrors, but, however its main site is down. At the time of writing, the marketplaces were still down, according to dark web marketplace tracker deepdotweb. Many sites on the dark web are also run by law enforcement — the Australian Police ran one of the world’s biggest child porn sites on the dark web between October 2016 and September 2017, called Child’s Play, in an effort to nab pedophiles. The police grabbed the administrator access from two cyber criminals — Benjamin Faulkner and Patrick Falte and started administering the sites. Police even posted more child porn on the site in an effort to convince the viewers that the site had not been taken over by the authorities. By the time they shut down the site, police were able to nab more than 90 pedophiles in Australia and 900 across the world. In case, the marketplaces were being taken over by law enforcement to nab drug traffickers and child porn purveyors, it might be a different case. However the development has many dark web users in a state of paranoia and many users have posted on Reddit reminding other users of such busts. Such attacks on dark web markets in the past have usually begun with large-scale DDoS attacks. In July, a massive trans-continental sting saw two of the dark web’s biggest sites at the time, AlphaBay and Hansa, being taken down. Law enforcement agencies claimed they were able to collect incriminating information on hundreds of buyers and vendors, going as far as threatening to prosecute them. Source: http://www.ibtimes.com/dark-web-marketplaces-go-down-reported-mass-ddos-attack-2601105