Category Archives: Security Websies

Hand-cranked ‘DDoS’ floors Thai government website amid protests

Great Firewall of Thailand? ?????????????????, say locals. Thai government websites dropped offline this week in what was either a politically motivated distributed denial-of-service attack or a case of badly designed websites falling over in response to an unusual increase in visitor numbers.…


Patch NOW: VMware vCenter, ESXi can be pwned via your network

Remote-code execution danger on VM hosts. VMware is urging users of its vCenter Server and ESXi software to install its latest patches to plug vulnerabilities that can allow remote-code execution and denial of service.…


NL minister says disruptions caused by DDoS are inevitable

Dutch minister of safety and justice Klaas Dijkhoff has responded in writing to questions from Labour Party PvdA about recent disruptions at Ziggo, saying internet problems due to large-scale DDoS (distributed denial of service) attacks are unavoidable. The minister said that it was primarily the job of ISPs to secure their systems against such attacks, which hit cable operator Ziggo in August. PvdA MP Astrid Oosenbrug had written earlier, saying she wanted to know to what extent public services are affected by DDoS attacks on major ISPs and what the government could do to prevent such events. Dijkhoff wrote that the government has taken action to minimize effects of DDoS attacks on its own networks and systems, adding that it was up to the government to implement such measures for ISPs. The minister said companies and bodies involved must ensure that consequences are minimised. They could take preventive measures such as addressing and sharing information about joint botnets, networks of hijacked computers used by hackers to stage cyberattacks. Ziggo took two heavy DDoS attacks on 18 and 19 August. Source: http://www.telecompaper.com/news/nl-minister-says-disruptions-caused-by-ddos-are-inevitable--1105503


7 key global DDoS trends revealed

Neustar released the findings of its latest DDoS report, including key trends. The global research reveals more activity around targeted, smaller assaults aimed at distracting firms’ IT departments wh…


Single gateway protest halts government websites into DDoS attacks

Internet users Wednesday night protested the plans for a single gateway by attacking and bringing down the main websites of the prime minister, the Defence Ministry and the Ministry of Information and Communication Technology. Communications experts said “denial of service” attacks flooded the three sites, effectively making them impossible to access. The sites began to recover early Wednesday. The three sites went offline at about 10pm Wednesday, after netizens warned they intended to attack, and the government said such attacks would be treated as violations of the Computer Crime Act. The ICT deputy permanent secretary, Somsak Khaosuwan, claimed his ministry’s site did not crash because of an attack, but because it was overloaded by visitors monitoring the planned attack. Sites affected as of early Wednesday were the main government information website thaigov.go.th, the ICT ministry’s site at mict.go.th and the defence ministry’s website, mod.go.th. By early Wednesday, however, only the MICT site remained inaccessible, possibly because authorities had actually taken it offline. Warnings on Wednesday afternoon from credible sources in the Thai hacking community said they planned to attack government websites to protest the recent disclosure of government plans to reduce internet access to a single gateway, controlled by CAT Telecom Co. It appeared that the government site takedowns were by internet users, who answered calls on social media to go online and continuously click refresh, causing overloads on the three targeted sites. The simultaneous denial-of-service attack works like normal attacks by exceeding a website’s capacity to handle internet traffic. But whereas normal attacks are carried out by a program or bot, Wednesday night’s protest was carried out by thousands of online users. After the secret plan was accidentally disclosed by a government press release, authorities sent out Deputy Prime Minister Prajin Junthong to try to spin the plan. He said that the single gateway initiative was only a proposition and that no “firm decisions have been made.” Critics of the plan contend it will take away freedom of information, with some even comparing it to the tightened grip of a communist country. A change.org petition opposing the single gateway initiative passed 100,000 signatures as of Wednesday. Source: http://www.bangkokpost.com/news/security/714432/single-gateway-protest-halts-government-websites


Thai government websites offline in suspected DDoS attack

Several Thai government websites went offline on Wednesday evening (Sep 30) in an apparent Distributed Denial of Service (DDoS) attack. The websites of the Information and Communication Technology (ICT) ministry, the state-owned CAT Telecom and the Internal Security Operations Command (ISOC) were among those affected. The Thai government’s main website and the finance ministry website also went offline later on Wednesday. The alleged DDoS attacks came after online communities threatened action to protest the government’s Single Gateway plan, which aims to “control inappropriate websites and information flows from other countries via the Internet”, according to an ICT statement. According to online sources, the activists had planned to start the attacks at 10pm (11pm Singapore time), but the ICT Ministry website was already affected at 7pm. Tens of thousands of people have signed a petition against the proposal, dubbed the “Great Firewall of Thailand”, with critics saying it will allow the military to further increase censorship as well as leave the country’s IT hub status vulnerable if the gateway fails. Source: http://www.channelnewsasia.com/news/asiapacific/thai-government-websites/2161566.html


Linux botnet observed launching powerful DDoS attacks

Threat actors are leveraging a botnet made up of infected Linux machines to launch powerful distributed denial-of-service (DDoS) attacks against as many as 20 targets per day, according to Akamai’s Security Intelligence Response Team (SIRT). The botnet is composed of Linux machines infected with a stealthy trojan identified in 2014 as “XOR DDoS.” The threat was observed altering its installation depending on the victim’s Linux environment and running a rootkit to avoid detection. According to an advisory published on Tuesday, Akamai’s SIRT has seen DDoS attacks – SYN and DNS floods were the observed attack vectors – that reached anywhere from a few gigabits per second (Gbps) to nearly 179 Gbps. Although the advisory said that 90 percent of targets are located in Asia, Tsvetelin Choranov, security intelligence response engineer with Akamai’s SIRT, told SCMagazine.com in a Tuesday email correspondence that a very small number of attacks have been launched against entities in the U.S. “The target industries confirmed from our standpoint are online gaming and education,” Choranov said, adding, “We don’t have a defined number of systems infected by this malware. Some of the source IPs that we are seeing actively producing malicious traffic have spoofing capabilities.” The advisory noted that evidence suggests the malware is of Asian origin, but Choranov said that Akamai’s SIRT has not heard of anyone claiming responsibility for the DDoS attacks. He added that there is also no known reason for the attacks, such as extortion. Unlike a lot of malware, XOR DDoS is not spreading via exploitation of vulnerabilities. “Rather, it populates via Secure Shell (SSH) services that are susceptible to brute-force attacks due to weak passwords,” the advisory said. “Once login credentials have been acquired, the attackers [use] root privileges to run a Bash shell script that downloads and executes the malicious binary.” The advisory outlines two methods for detecting the malware. 
“To detect this botnet in your network, you can look for the communications between a bot and its C2, using the Snort rule shown in [the advisory],” the advisory said. “To detect infection of this malware on your hosts you can use the YARA rule [also in the advisory].” XOR DDoS is persistent, meaning it runs processes that will reinstall deleted files. Removing the threat involves identifying malicious files in two directories, identifying the processes responsible for persistence of the main process, killing those processes, and deleting the malicious files. “XOR DDoS malware is part of a wider trend of which companies must be aware: Attackers are targeting poorly configured and unmaintained Linux systems for use in botnets and DDoS campaigns,” the advisory said. Source: http://www.scmagazine.com/linux-botnet-observed-launching-powerful-ddos-attacks/article/441750/


Linux-powered botnet lets rip on victims with 180Gbps network floods

Enormous network of hijacked zombie servers threatens to batter everything in its path. Cybercrooks have built a network of compromised Linux servers capable of blowing websites and other systems off the internet with at least 150Gbps of junk traffic.…


XOR DDoS botnet launching attacks from compromised Linux machines

Attackers have developed a botnet capable of 150+ Gbps DDoS attack campaigns using XOR DDoS, a Trojan malware used to hijack Linux systems, according to Akamai. What is XOR DDoS? XOR DDoS is a T…
