Category Archives: Security Websies

What Is a DDoS Attack?

What Is a DDoS Attack? Before we can understand just how groundbreaking this recent attack was, let’s first go over exactly what a denial of service attack is. It is one of the least complicated attacks that a hacker can pull off. Basically the goal is to shut down a webserver or connection to the internet. Hackers accomplish this by flooding the server with an extremely large amount of traffic. It would be like taking a wide open freeway and packing it full of the worst rush hour traffic you could imagine. Every connection to and from the freeway would grind to a halt. This would make visiting the website (or the road) next to impossible, or at the least extremely slow! In some cases, the server might overload and shut down completely. When this happens, it doesn’t mean that the website was necessarily hacked. It just means that the website was kicked off the internet for a period of time. This may not sound like that big of a deal, but if your company relies heavily on its online presence, this interruption of service could take a huge cut out of profits. DoS v. DDoS The next item to be clarified is the difference between a DoS (Denial of Service) attack and a DDoS or (Distributed Denial of Service) attack. This distinction is pretty simple: a DoS attack comes from one network or computer whereas a DDoS comes from multiple computers or networks. DDoS attacks are most always bigger than a DoS attack because the strength of the attack can be multiplied by a huge amount of computers. Source: http://www.scientificamerican.com/article.cfm?id=what-is-ddos-attack

Preparing for DDoS attacks

Not everyone despaired over the Distributed Denial of Service (DDoS) attacks that hit some of the Web’s biggest e-commerce sites in February. Security consultants and developers of security tools seized the opportunity to spotlight their solutions. Simple DoS attacks are not new. During one, a hacker floods a system with packets of useless requests, making the system so busy it denies access to legitimate users. What’s new are the hacker tools that enable DDoS attacks, in which a hacker uses dozens or hundreds of machines to worsen the attack. The hacker uses client software on one PC to install ‘zombie’ or ‘back door’ programs on other servers, which then flood a target system with useless packets. Zombie programs, including TFN (Tribal Flood Network), Trin00, TFN2K (Tribal Flood Network 2K) and Stacheldraht (Barbed Wire), arrived last fall destined for Solaris, Linux and Windows NT servers. Until recently, most security packages designed to thwart such attacks were aimed at the Unix environment. Now, however, hundreds of programs are being designed for Windows NT, ranging from Internet Security Systems’ (ISS) award-winning SAFEsuite software to BindView Corp.’s free and downloadable Zombie Zapper. Some programs scan the addresses of outgoing messages, intercepting wayward messages before they swamp a potential victim. Others allow administrators to block fake messages from entering a system, or stop the echo functions that help create the constant data flood in a DoS attack. While the programs for NT are good news, the task of evaluating them can easily overwhelm an IS staff, according to Aberdeen Group, a consultancy in Boston. Adding pressure are unresolved issues of liability when one’s computers have been compromised because of lax security. To organize efforts and provide a modicum of legal defense, leading security practitioners suggest these guidelines: Perform a security audit or risk assessment of critical systems using system- and network-based vulnerability tools. Identify and empower an Incident Response Team. Establish an Emergency Response and Escalation Plan. Install Intrusion Detection and Response systems. Examine legal liability exposure. If systems are under attack: Alert your Incident Response Team. Contact your ISP; often, hosts can shut down your access line, stopping the attack. Notify CERT/CC. Notify law enforcement authorities at the FBI and the National Infrastructure Protection Center (NIPC). Monitor systems during the attack using network and host-based intrusion detection systems. Enable detailed firewall logging. Collect forensics to prosecute hackers later. Source: http://networksasia.net/article/preparing-ddos-attacks-960134400

Read the article:
Preparing for DDoS attacks

GitHub wipes hand across bloodied face, stumbles from brutal DDoS beating

Wouldn’t have happened if you’d just used SVN, eh! Popular source-code warehouse GitHub was back online today after weathering a huge denial-of-service attack throughout the week.…

GitHub Struggles With Second Day Of DDoS Attacks

Code sharing site GitHub has been fending off large distributed denial of service (DDoS) attacks for two days now, with the site repeatedly taken offline. The attacks started at around 8pm yesterday, when a “large scale DDoS attack” hit. It didn’t last long as GitHub was back online less than an hour later. GitHub downed by DDoSers again But today problems emerged again. From 10.30am, another DDoS has taken GitHub down. “We’re doing everything we can to restore normal service as soon as possible,” a GitHub spokesperson told TechWeekEurope . GitHub has been keeping users updated on its status page. “We’re simultaneously working on deflecting the attack and restoring affected services,” read a post at 11.17am. “We’re working to re-establish connectivity after the attack disrupted our primary internet transit links,” another post from 11.48am read. The site was functioning at 12pm today, but there was no update on the status page. The site has been battered by DDoS attacks throughout this year. In August, a “very large” strike was reported and it was hit twice in two days in March. Source: http://www.techweekeurope.co.uk/news/github-ddos-attacks-128704

More:
GitHub Struggles With Second Day Of DDoS Attacks

WordPress Site Hacks Continue

WordPress installations sporting known vulnerabilities continue to be compromised by hackers and turned into distributed denial of service (DDoS) launch pads. That warning was sounded last week after IT professional Steven Veldkamp shared an intrusion prevention system (IPS) log with Hacker News , which found that a single 26-second DDoS attack against a site run by Veldkamp was launched from 569 different WordPress blogs. Those blogs appear to have been compromised by attackers, since they comprised everything from a “mercury science and policy” blog at the Massachusetts Institute of Technology (which as of press time remained offline) and a National Endowment for the Arts blog to WordPress sites run by Pennsylvania State University and Stevens Institute of Technology. “The key aspect to note here is the number of compromised WordPress servers,” said Stephen Gates, chief security evangelist at DDoS defense firm Corero Network Security, via email. “It’s a simple mathematical equation — attackers are looking to infect servers sitting in hosting environments with each server easily capable of generating 1 Gbps of attack traffic. It is quite easy to generate extremely high volumes and varieties of attack traffic by compromising just a few WordPress servers.” Once WordPress servers get compromised, attackers can use them for a variety of purposes, such as attacking U.S. financial institutions. “From volumetric attacks that melt down firewalls to the ‘low and slow attacks’ that sneak through firewalls undetected — the list is really endless,” Gates said. WordPress blogs, of course, are easy to provision and host. But that ease of installation — and use — means that such software is often run outside the purview of IT provisioning and oversight. Furthermore, many WordPress administrators fail to keep their software updated or follow security best practices, such as choosing unique usernames and strong passwords for WordPress admin accounts. As a result, numerous WordPress sites sporting known vulnerabilities — or “admin” as the admin account name — remain sitting ducks for automated attacks. Indeed, malware is often used to automatically find and exploit vulnerable WordPress installations. In August, Matthew Bing, an Arbor Security Engineering & Response Team (ASERT) research analyst, noted that the Fort Disco malware — first discovered in April 2013 — was being used to target known vulnerabilities in content management systems, backed by six command-and-control servers that were running a botnet comprised of more than 25,000 Windows PCs. “To date, over 6,000 Joomla, WordPress and Datalife Engine installations have been the victims of password guessing,” he said in a blog post. How widespread is the problem of exploitable WordPress software? According to a study conducted by EnableSecurity CEO Sandro Gauci, the list of the one million most trafficked websites — per the Alexa index — includes 40,000 WordPress sites. But 70% of those sites are running a version of WordPress with known vulnerabilities. Those statistics were relayed last week by WordPress security expert Robert Abela, who studied data that EnableSecurity’s Gauci compiled over a four-day period in the middle of September, immediately following the September 11 release of WordPress 3.6.1, which remains the latest version. In a blog post, Abela reported that of the 42,106 WordPress sites from the Alexa index identified, 19% had already been updated to the new version, while 31% of sites were still running the previous version (3.6). But the remaining 51% of cataloged WordPress sites ran one of 72 other versions, with 2% of all cataloged sites still running version 2.x, which dates from 2007 and earlier. Needless to say, many historical WordPress updates have included patches for exploitable vulnerabilities. For example, the latest version of WordPress — 3.6.1 — patched a known vulnerability in version 3.6 that would have allowed an attacker to remotely execute code. Previous versions of WordPress have also sported a number of known bugs, including version 3.5.1 (8 vulnerabilities), 3.4.2 (12 vulnerabilities) and 3.3.1 (24 vulnerabilities). All of this adds up to numerous WordPress sites that can be relatively easily hacked, based on a review of the top 10 most-seen versions of WordPress seen among the more than 40,000 counted by Gauci. “At least 30,823 WordPress websites out of 42,106 are vulnerable to exploitable vulnerabilities,” said Abela. “This means that 73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools. Considering the number of vulnerable WordPress installations out there, and the popularity of such websites, we are still surprised … most of them haven’t been hacked yet.” Source: http://www.informationweek.com/security/attacks/wordpress-site-hacks-continue/240162060

The latest on major DDoS and phishing attacks, and more

An analyst has confirmed that several, unnamed financial institutions have suffered losses in the “millions” owing to distributed denial-of-service (DDoS) attacks. According to Avivah Litan , VP and distinguished analyst at research firm Gartner , three U.S. banks were hit by short-lived DDoS attacks in recent months after fraudsters targeted a wire payment switch, a central wire system at banks, to transfer funds. » A phishing attack enabled hackers to modify the DNS records for several domains of media sites, including those run by The New York Times , Twitter and the Huffington Post U.K. Investigations revealed that the companies were not even the ones targeted by the attackers, who claimed to be the Syrian Electronic Army , a band of pro-Assad hacktivists responsible for a number of IT takedowns in recent months. In order to commandeer the major media sites, intruders compromised a reseller account that had access to the IT systems of Melbourne IT , an Australian registrar, and targeted an employee using an emailed spear phishing ruse. » The PCI Security Standards Council gave merchants a first look at changes to its credit card data and payment application security guidelines that could be introduced later this year. In mid-August, the council released the “3.0 Change Highlights” document, a preview to the updated PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS), which are set to be published Nov. 7. Expected changes in version 3.0 include a new requirement that merchants draw up a current diagram showing how cardholder data flows through organizations’ systems, and added guidance on protecting point-of-sale (POS) terminals from attacks, as well as educational explanations of why the 12 core security requirements have been included in the standard. » Saboteurs have introduced a rare breed of banking trojan capable of infecting Linux users. The malware, called Hand of Thief, is being sold on Russian underground forums and will soon offer a “full-blown” suite of malicious features, making it comparable to other major, commercially available financial malware, RSA researchers discovered. Hand of Thief’s price tag could reach $3,000 once criminals add a suite of web injections to its existing form grabber and backdoor infection vectors. » Around 14,000 former and present employees at the U.S. Department of Energy (DOE) had their personally identifiable information (PII) accessed by an unauthorized party who gained access to the agency’s network. The breach, which may have happened in late July, did not impact classified data, the DOE revealed. But, the incident could mean that sensitive data linkable to an individual was exposed. » In late August, the National Institute of Standards and Technology (NIST) released a preliminary draft framework in support of President Obama ‘s executive order, “Improving Critical Infrastructure Cybersecurity.” Earlier in August, NIST also released revisions to two of its security-related manuals, the first amendments since NIST released them in 2005, reflecting evolving malware threats and the trend of organizations using automated patch management. » Errata : Our apologies to Steve Lee , who we quoted in an insider threats story in August, for erroneously placing the office of his company, Steve Lee and Associates, in Texas, rather than Los Angeles. Source: http://www.scmagazine.com/news-briefs-the-latest-on-major-ddos-and-phishing-attacks-and-more/article/311635/

See more here:
The latest on major DDoS and phishing attacks, and more

Researchers sinkhole half a million ZeroAccess bots

In a race against time and ZeroAccess developers and botmasters, Symantec researchers managed to sinkhole a large chunk of the infamous P2P-based botnet before its herders managed to update the bots a…

View article:
Researchers sinkhole half a million ZeroAccess bots

Symantec disables ZeroAccess bots

Almost 500,000 zombie machines have been taken out of the ZeroAccess botnet, one of the world’s largest networks of infected computers.

See more here:
Symantec disables ZeroAccess bots

Two youngsters arrested for different DDoS attacks

Following the massive DDoS attack against anti-spam outfit Spamhaus earlier this year, a 35-year-old Dutch citizen believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker…

Link:
Two youngsters arrested for different DDoS attacks

London schoolboy cuffed for BIGGEST DDOS ATTACK IN HISTORY

Bet his parents wish he’d been playing computer games A British police investigation into the massive DDoS attack against internet watchdog Spamhaus has led to the arrest of a 16-year-old London schoolboy who, it is claimed, is part of an international gang of cyber-crooks.…