Hackers reveal plans to make children cry Last Christmas LizardSquad played Grinch with the holiday fun of gamers by knocking out XBox Live and smacking the PlayStation Network offline with a distributed denial-of-service (DDoS) attack.…
Read More:
‘Phantom’ menace threatens to down Xbox Live, PSN at Xmas
According to recent research from Kaspersky Lab and B2B International, nearly half (48 per cent) of the companies surveyed believe they know the identity and motivation of those behind recent DDoS att…
View article:
Are your competitors organizing DDoS attacks against you?
Access to the site was blocked for an hour due to a distributed denial-of-service (DDoS) attack carried out by unknown perpetrator(s). The website’s IT specialists managed to quickly deal with the attack and Sputnik Türkiye has already resumed operations. The resources of Rossiya Segodnya International Information Agency, including the Sputnik website and newswire, had already become a target for a major DDoS attack in October, when the agency’s websites and mailing services were unavailable to users for two hours. DDoS attacks are caused by a large number of Internet users or software programs simultaneously sending requests to a website until it exceeds its capacity to handle Internet traffic. Source: http://sputniknews.com/middleeast/20151208/1031410680/sputnik-turkey-ddos-attack.html
View article:
Sputnik Türkiey website became the target of a DDoS attack
DNS services appear to be targeted, switching may work Members of UK’s academic community from freshers to senior academics are facing more connection issues today as a persistent and continuous DDoS attack against the academic computer network Janet continues to stretch resources. Janet first came under a Distributed Denial of Service (DDoS) attack yesterday, and the same attack has continued through to today forcing much of the academic community offline. Initially, Jisc’s engineers and security teams identified the cause as a DDoS attack and worked to identify the source of the assault and implement blocks. However, after some suggestions of network stabilisation, further problems were seen. Janet reported that it would cease providing updates on its Twitter page following the attack, as the information seemed to be providing the attackers with hints about how to adjust their attacks. For those who find Janet’s DNS services sluggish to respond, it may be possible to work around the issue by switching to Google Europe’s DNS. Boffins from various field have somehow managed to take to Twitter to share their woes about the outage. Vision and Office 365 are also being reported as offline. The Register understands no ransom notice has been delivered to Jisc as of writing. DDoS-for-ransom attacks are almost always preceded by the ransom request, as an early payment saves the attackers money. Source: http://www.theregister.co.uk/2015/12/08/uk_research_network_janet_ddos/
View original post here:
UK research network Janet still being slapped by DDoS attack
TheNode.js Foundation has revealed a couple of bugs within its JavaScript software that could lead to major denial of service attacks against websites using the code. The issues affects versions of Node.js from version 0.12 up to version 5. In a bulletin issued by the Foundation, the popular server-id JavaScript platform has two vulnerabilities. One covers “a high-impact denial-of-service vulnerability” while the other is a “low-impact V8 out-of-bounds access vulnerability.” V8 is the JavaScript engine developed by Google and used by Node.js. The DoS issue is labelled as CVE 2015-8027, while the access problem is identified as CVE-2015-6764. According to the bulletin, the first bug could allow a hacker to launch a denial of service. The second bug could enable a hacker to trigger an out-of-bounds access and/or denial of service if user-supplied JavaScript can be executed by an application. The issues were disclosed last week with patches due to be released yesterday. However, the Foundation announced that it will now delay releasing the patches until Friday. It said this was because of dependencies on OpenSSL, which itself has been found to contain further vulnerabilities. “Node.js versions v0.10.x and v0.12.x depend on OpenSSL v1.0.1 and versions v4.x (LTS Argon) and v5.x depend on OpenSSL v1.0.2,” stated an advisory on the Node.js website. “As the Node.js build process statically links OpenSSL into binaries, we will be required to release patch-level updates to all of our actively supported versions to include the upstream fixes. While we are unaware of the exact nature of the OpenSSL vulnerabilities being fixed, we must consider it likely that Node.js releases will be required in order to protect users.” It said the move to Friday was “unfortunate” but has to take into account of “the possibility of introducing a vulnerability gap between disclosure of OpenSSL vulnerabilities and patched releases by Node.js and therefore must respond as quickly as practical.” “Please be aware that patching and testing of OpenSSL updates is a non-trivial exercise and there will be significant delay after the OpenSSL releases before we can be confident that Node.js builds are stable and suitable for release,” the organisation said. Wim Remes, strategic services manager EMEA at Rapid7, said vulnerabilities in Node.js “impacts organisations across verticals, from ecommerce websites, over healthcare organisations, to critical infrastructure.” “Hackers will leverage any vulnerability that allows them to gain control over a target. Denial of Service vulnerabilities are mostly used for targeted hacktivism or extortion purposes. The out-of-bounds access vulnerability, as it provides direct access to an infrastructure, would be a welcome tool in the arsenal of any digital criminal,” he said. “With access to part of the infrastructure, an attacker can pivot further through the infrastructure, destroy information, exfiltrate information, install spying software, etc. A vulnerability that provides direct access is the first tool an attacker needs to achieve their goals.” Remes added that in this case patching is about the only thing an organisation can do. “There are obviously ways to stop attacks using Web Application Firewalls or Intrusion Prevention Systems but given the severity of the issues, I would definitely recommend to prioritise patching. Additionally, making sure that any system which doesn’t need to be on the internet is not reachable by external users is something that makes sense too,” said Remes. Source: http://www.scmagazineuk.com/warnings-over-nodejs-flaw-that-could-lead-to-dos-attacks/article/457205/
See more here:
Warnings over Node.js flaw that could lead to DoS attacks
Two sister blogs, Hacked (Security & Tech) and CryptoCoinsNews, have decided to go the Mel Gibson route (“Ransom” movie reference for the uncool kids) and put out a bounty on DDoS attackers instead of paying the money they were asking for. It all started earlier this morning, when both sites saw a serious DDoS attack being carried out against their server infrastructure. Three hours after the attack began, the two received emails from a man named Jon. The attacker claimed to own a botnet that he intended to use for DDoS attacks. He said that currently he was using only 20% of the botnet’s capabilities against the two sites. Jon was asking for a 2 Bitcoin ransom, which would become 3 Bitcoin by tomorrow if unpaid. Instead of giving in and being intimidated by the attacker, the two sites ramped up their DDoS mitigation and decided to put out a 5 Bitcoin ransom on the attacker, which is about $1,600 or €1,500 in today’s exchange rate. Turning the table on DDoS extortionists “If you can help us identify the extortionists in a way that leads to a successful police report, you will receive five bitcoins, with gratitude,” says Samburaj Das of CCN and Hacked. The bloggers are looking for data like real names, addresses, and attacks carried out on other sites that would allow investigators to track their DDoS campaign. Details should be sent to crypto@cryptocoinsnews.com. Only last month something similar happened to ProtonMail, a crypto email service. The site was under a massive DDoS attack, which also expanded to its ISP. Due to peer pressure from other affected services, ProtonMail paid the ransom , but the attacks never stopped, with other groups also taking aim at their infrastructure. Many people skewered ProtonMail’s owners for paying the attackers, saying it was a bad idea and did nothing but encourage such types of groups to carry on with their DDoS-for-Bitcoin extortion campaigns . We’ll just have to wait and see how Hacked/CCN’s countermove goes through. Source: http://news.softpedia.com/news/bloggers-put-bounty-on-ddos-extortionists-496586.shtml
See the article here:
Bloggers Put Bounty on DDoS Extortionists
Earlier this week, the UK government warned ISIS militants were developing the capability to launch cyber attacks against Britain’s infrastructure. Today, we are witnessing a huge amount of DDoS (Distributed Denial of Service) attacks on the United Kingdom. As of writing, a look at the Digital Attack Map shows an unprecedented amount of attack traffic aiming towards the UK. Most of the DDoS attacks use “fragmentation” which sends a flood of TCP or UDP fragments to a victim, overwhelming the victim’s ability to re-assemble the streams and severely reducing performance. The cyber attacks come after a week of physical attacks towards the international community, and subsequent retaliation in the form of bombing campaigns against key IS targets in Syria and hundreds of raids on various safe houses being used to harbor the militants in France and Belgium. It’s unclear what the attack traffic is targeting, and whether it’s originating from IS sympathasisers, but online activist group Anonymous has been under attack for declaring war on the militants with the launch of their #OpParis campaign for anyone to disrupt social network accounts used for propaganda and recruitment by the group. An IRC used by Anonymous has temporarily had to shut-off external connections from third-party clients. #OpParis is not “hacking” in the traditional sense, as the group is often known for, in fact its rules prohibit carrying out certain attacks such as DDoS and instead focuses on using software to collect the social network accounts used by ISIS. Volunteers then use the services’ built-in tools for abuse reporting. So far, #OpParis has reportedly taken down 5,500 Twitter accounts – despite not all being confirmed as being ISIS-affiliated. ISIS has used the web for international recruitment, and for encrypted communications. The actions of Anonymous has worried the group as it’s disruptive to spreading their poisonous ideology to potential new recruits, but it has also pushed the militants into using safer messaging tools and issuing advice to followers over which services to use. The potential of using these encrypted services, like Telegram, for organising attacks out the view of intelligence agencies is concerning governments. David Cameron, Prime Minister of the United Kingdom, has expressed his government’s interest in “banning” encrypted messaging tools which agencies struggle to intercept. Cameron’s plan has been criticised not just for its privacy implications, but also for how it would be impossible to ban such tools in practice as most of the chosen tools are “open source” and can be distributed by anyone. In response to cyber attack threats, the UK government has pledged £2 billion towards creating a “National Cyber Centre” based at GCHQ (Government Communications Headquarters) Chancellor George Osborne said ISIS was trying to develop the capability to attack British infrastructure such as hospitals, power networks and air traffic control systems for lethal consequences. In a speech at GCHQ, he said “they have not been able to use it to kill people yet by attacking our infrastructure through cyber attack, but we know they want it and are doing their best to build it.” “We are building our own offensive cyber capability – a dedicated ability to counter-attack in cyberspace. When we talk about tackling (ISIS), that means tackling their cyber threat as well as their guns, bombs and knives,” he continued. It’s unclear if the cyber attacks towards the UK today are ISIS-related, but it goes to show the need for a facility dedicated towards facing cyber threats. Back in September, we reported about the creation of the Global Cyber Alliance. The alliance is headquartered in New York and London, but it’s unclear if this new investment will be an expansion of that scheme or an independent facility. Will Pelgrin, former CEO and President of the Center for Internet Security, said: “Cyber crimes have become a worldwide epidemic with estimates of a half billion global cyber victims annually. We must treat cyber security threats and crimes as we would any widespread infectious disease – immediately, urgently and collectively. Cyber risks have reached catastrophic proportions and, therefore, require an unparalleled, public/private and transnational response.” Source: http://www.telecomstechnews.com/news/2015/nov/18/uk-pummelled-ddos-after-isis-cyber-attack-warning/
Link:
UK pummelled with DDoS after ISIS cyber attack warning
When bragging of your illegal exploits, leave off your real name A UK man has been given eight and a half months in prison for launching a series of distributed denial-of-service attacks in 2013.…
A distributed denial-of-service attack (DDoS) is a cheap but effective way to take out your target’s website by flooding it with so much traffic that the web server becomes overwhelmed and the website crashes. There are those who use DDoS attacks as a kind of online protest, such as hacktivist groups like Anonymous. Then there are those who do it to “amuse” themselves, like the Lizard Squad who took out Playstation and Xbox servers on Christmas Day last year. And then there are other DDoS attacks that come from cybercriminals who don’t care about politics or hijinks – they just want money. Recently a cybergang calling itself the Armada Collective has been attempting to extort money from victims by threatening DDoS attacks unless a ransom is paid in bitcoins. One Swiss company, the encrypted webmail provider ProtonMail, recently paid $6000 in bitcoins after receiving a ransom from the Armada Collective, it said. The site was still DDoSed. And now, the latest site to fall victim to a DDoS attack is that of former Naked Security writer Graham Cluley. We don’t know why Graham was targeted, but on Twitter he noted that he didn’t receive a ransom demand, so it must have been “personal.” Unfortunately, it doesn’t take much skill to launch this kind of attack. Anybody with a little bit of money and the will to wreak havoc can launch DDoS attacks with simple DDoS-for-hire web tools that harness armies of zombified computers to bombard your website with thousands or millions of illegitimate web requests. DDoS attacks are simple but destructive – if your website goes down for any period of time, your customers can’t get through and you end up losing new sales, losing customers, or missing out on ad revenue, depending on what your website’s purpose is. In Graham’s article about how ProtonMail initially caved to the extortion demands, but then had a change of heart, Graham wrote something very sensible about how we should treat extortionists, blackmailers and ransom-takers: No-one should ever pay internet extortionists. For those who receive a ransom demand, it might seem like a few thousand dollars is a fair price to pay when your customers are complaining they can’t access your services, and your business is hurting. But if we pay the extortionists’ demands, that will only give them more reason to do it again. Source: http://www.mysec.hu/magazin/kuelfoeldi-hirek/20413-security-blogger-graham-cluley-s-website-suffers-ddos-attack
Continue reading here:
Security blogger Graham Cluley’s website suffers DDoS attack
ProtonMail, the Switzerland-based encrypted email service, has found its footing again after a wild ride over the past week. The free service has said it was hit by two different groups using distributed denial-of-service attacks (DDoS) that took it offline. Now it has partnered with Radware, which offered its DDoS mitigation service for a “reasonable price,” allowing service to resume, ProtonMail wrote in a blog post on Tuesday. “The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future,” the company wrote. The first group of attackers, which call themselves the Armada Collective, asked ProtonMail for a ransom in bitcoin before launching attacks early on Nov. 4. The Swiss Governmental Computer Emergency Response Team warned in September about blackmail attempts by the Armada Collective. They tend to launch a demo attack while demanding 10 or 20 bitcoins, and larger attacks follow if the ransom isn’t paid. Controversially, ProtonMail paid the ransom. The company wrote in a blog post that it was under pressure from other companies to pay it in order to stop the attacks. However, ProtonMail later edited the blog post, writing that paying “was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will never pay another ransom.” The second group’s attack on ProtonMail had wide-ranging effects on its service providers and other companies, which also were knocked offline. The 100Gbps-attack brought down ProtonMail’s ISP, including the ISP’s routers and data center. ProtonMail suspected that the second group might be state-sponsored hackers because of the severe damage inflicted. Bizarrely, the Armada Collective told ProtonMail it wasn’t responsible for the second set of attacks. By Sunday, ProtonMail began recovering. An ISP, IP-Max, set up a direct link from ProtonMail’s data center to a major Internet connection point in Zurich in less than a day, it wrote. Level 3 Communications lent a hand with IP transit. An appeal for donations to put in better protections against DDoS has netted $50,000 so far as well. ProtonMail’s service is free, but eventually it plans to introduce paid-for premium options. ProtonMail is now using Radware’s DefensePipe, a cloud-based service. Other companies, ProtonMail said, offered their services but “attempted to charge us exorbitant amounts.” ProtonMail offers a full, end-to-end encrypted email service and has more than 500,000 users. Although it has been possible to encrypt email for decades, interest has increased since documents leaked by former U.S. National Security Agency contractor Edward Snowden showed massive data-collection operations by western spy agencies. Source: http://www.pcworld.com/article/3004157/protonmail-comes-back-online-shores-up-ddos-defenses.html
See original article:
ProtonMail comes back online, shores up DDoS defenses