Perp known as ‘DD4BC’ has some serious heat on his or her tail, with worse to come A group of security boffins have joined police and intelligence spooks in a clandestine mission to identify those behind distributed denial of service (DDoS) extortion attacks against major banks.…
More:
Spooks, plod and security industry join to chase bank hacker
Eighty-one percent of health care executives say that their organizations have been compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel tha…
Excerpt from:
81% of healthcare organizations have been compromised
What’s that big spike on site performance graph? GitHub is under a distributed-denial-of-service attack being perpetrated by unknown actors.…
View article:
GitHub wobbles under DDOS attack
His lawyers claim that their client was only on the “periphery” of a conspiracy to take down UK government and FBI sites, but a UK teen who didn’t mind boasting online about those crimes now faces the possibility of jail time. Charlton Floate, 19, of Solihull, England, already admitted to three counts of computer misuse under the Computer Misuse Act and three counts of possessing prohibited images at Birmingham Crown Court. The attacks took place in January 2013, when Floate and a team of other cyber criminals crippled government sites with deluges of digital traffic sent from malware-infected computers. Such computers are often called zombie computers, and they’re widely used in botnets to gang up on sites with what’s known as a distributed denial of service (DDoS) attack. The gang managed to knock out the UK’s Home Office site – a heavily used site that provides information on passports and immigration among other things – for 83 minutes. The group also took down an FBI site – that allowed users to report crime – for over five hours. The prosecutor, Kevin Barry, reportedly said that in November 2012, Floate carried out two test runs, remotely attacking the computers of two men in the US. Floate uploaded a sexually explicit video to YouTube to “mock and shame” one of his victims, and he “taunted” the other victim about having control of his computer. Modest, he was not – Floate also reportedly bragged about the government site attacks on Twitter and on a forum frequented by hackers. Judicial officer John Steel QC rejected Floate’s legal team’s contention that he was on the “periphery” of the cyber gang, saying that evidence pointed to his actually being central to the crimes, including organizing the attacks. He said Floate was “clearly a highly intelligent young man”, who had become an expert in computer marketing, had written a book on the subject, and succeeded in taking down an FBI.gov website – what he called the “Holy Grail” of computer crime: A successful attack on the FBI.gov website is regarded by hackers as the Holy Grail of hacking. It was this which he attempted and, indeed, achieved. He was the person who instituted such attacks and assembled the tools and personnel for doing so. The Holy Grail it may be but in this case I beg to differ about how successful Floate was in getting his hands on it. A DDoS attack isn’t a form of sophisticated lock picking, it’s just a noisy way to board the door shut from the outside. Floate may well be bright but he stumbled once, and that’s all that investigators needed. Namely, he used his own IP address – he worked out of his mother’s home – to check up on how the attacks had gone. Police traced the address to Floate’s mother’s home, where they seized Floate’s computer and mobile phone. They also found evidence that he’d tried to recruit others into the gang and that he’d discussed possible weaknesses in certain websites as well as potential future targets – including the CIA and The White House. Sentencing was adjourned until 16 October, pending a psychiatric report. Floate is currently remanded on conditional bail. Steel said he hadn’t yet made up his mind about sentencing but added there’s “clearly potential for an immediate custodial sentence” and that Floate “should be mentally prepared for it.’ Source: https://nakedsecurity.sophos.com/2015/08/24/teen-nabbed-after-attacks-on-uk-government-and-fbi-sites/
Read more here:
Teen nabbed after attacks on UK government and FBI sites
Dutch cable operator Ziggo has experienced network problems for a second time in a week, following a DDoS attack. Service disruptions were experienced throughout the country, and Ziggo said around 60 percent of its customers were affected, NU.nl reports. A Ziggo spokesman said the latest attack was worse than the first. The attack targeted Ziggo’s DNS servers, leaving many customers without internet access. At around 04.00 hours 20 August the company brought the attack under control. The company said it’s started an investigation into the attack and measures it can take to prevent future incidents. In a notice to customers, the company said it was doing everything it could to put an end to the problems and it would be implementing changes to its network as a result of the attack. This will result in a restart of customer modems, which may be without service for several minutes while the changes are implemented. The company said in a statement that it was also working with the National Cybersecurity Centre and Ministry of Justice after several videos with threats against Ziggo’s office were placed on social media. Ziggo said it was taking the threats very seriously and had filed a complaint with the police. Meanwhile the Dutch mobile operators KPN, Vodafone and T-Mobile reported a sharp increase in data traffic during both Ziggo attacks. A spokesman for Vodafone said data traffic doubled both times on its network. Source: http://www.telecompaper.com/news/ziggo-suffers-new-ddos-attack–1098223
Originally posted here:
Ziggo suffers new DDoS attack
Malicious actors have started abusing the Portmapper service to amplify their distributed denial-of-service (DDoS) attacks and hide their origin, Colorado-based telecommunications company Level 3 Communications has warned. RPC Portmapper, also referred to as rpcbind and portmap, is an Open Network Computing Remote Procedure Call (ONC RPC) service designed to map RPC service numbers to network port numbers. When RPC clients want to make a call to the Internet, Portmapper tells them which TCP or UDP port to use. When Portmapper is queried, the size of the response varies depending on the RPC services present on the host. In their experiments, Level 3 researchers obtained responses of between 486 bytes (amplification factor of 7.1) and 1,930 bytes (amplification factor of 28.4) for a 68 byte query. The average amplification size obtained by Level 3 in tests conducted across its network was 1,241 bytes (18.3 amplification factor), while in the actual DDoS attacks seen by the company the value was 1,348 (19.8x amplification). Malicious actors can use Portmapper requests for DDoS attacks because the service runs on TCP or UDP port 111. Since UDP allows IP spoofing, attackers can send small requests to Portmapper using the target’s IP address and the server sends a larger response to the victim. Level 3 has observed an increasing number of DDoS attacks leveraging this vector over the summer, with the largest attacks taking place in August 10-12. The attacks were mainly aimed at the gaming, hosting, and Internet infrastructure sectors. Organizations are advised to keep an eye out for potentially malicious Portmapper requests, but Level 3 has pointed out that for the time being the global volume of Portmapper-based traffic is still small compared to other UDP services abused in DDoS attacks, such as DNS, NTP and SSDP. “Portmapper is so small it barely registers as the red line at the bottom of the graph. This shows, despite its recent growth, it is a great time to begin filtering requests and removing reflection hosts from the Internet before the attack popularity grows larger and causes more damage,” Level 3 said in a blog post. “We recommend disabling Portmapper along with NFS, NIS and all other RPC services across the open Internet as a primary option. In situations where the services must remain live, firewalling which IP addresses can reach said services and, subsequently, switching to TCP-only are mitigations to avoid becoming an unknowing participant in DDoS attacks in the future,” experts advised. There are several services that malicious actors can abuse for DDoS attack reflection and amplification. Researchers revealed at the USENIX conference last week that vulnerable BitTorrent protocols can also be leveraged for DDoS attacks. Source: http://www.securityweek.com/rpc-portmapper-abused-ddos-attack-reflection-amplification
Originally posted here:
RPC Portmapper Abused for DDoS Attack Reflection, Amplification
We all know the damage that DDoS-for-hire services can inflict on websites and organizations behind them. What is less known is that a simple move like making PayPal seize the accounts through whic…
View the original here:
How to sabotage DDoS-for-hire services?
It started with a five minute long DDoS attack which established that the cybercriminals meant business and could cause impact, this small sample attack stopped all business for five minutes. They then sent an email demanding payment of the ransom in bitcoins within 48 hours, otherwise a second and far more damaging DDoS attack would ensue and the ransom amount would be raised. This type of attack: ‘DDoS Extortion’ has become increasingly popular during the past year and the official guidance to companies who find themselves in a DDoS Extortion situation, as recently reiterated by the FBI, is: Do Not Pay the ransom but rather focus efforts at strengthening DDoS mitigation. The ‘target’ in this case was a leading ecommerce corporation and downtime was not an option both in terms of possible transaction loss and equally importantly reputational damage. The company had already invested in multi-layered DDoS mitigation strategy. The five-minute outage caused by the extortionists had senior IT management under pressure and they knew that serious financial loss as well as impact to their reputation was possible. “DDoS mitigation does not boil down to one device that ‘bites the DDoS bullet’” DDoS Testing Testing DDoS mitigation systems is done by generating traffic which simulates real DDoS attacks in a completely monitored and controlled manner. Control is key because DDoS mitigation does not boil down to one device that ‘bites the DDoS bullet’ but is rather a chain of devices that need to be configured much like an orchestra in order to work in complete harmony. Testing this way allows a company to verify that each element of their DDoS mitigation systems is working as expected and that together they are configured for optimal protection. DDoS testing typically impacts the tested environment and therefore is conducted during maintenance windows to ensure minimal disruption to ongoing operations. This means the company’s key team members are usually all on site and because maintenance windows usually last 3-5 hours – time is of the essence. For this reason effective DDoS testing allows for: i. Quickly switching from one type of test to another once you have evaluated how the environment responds to a test (there are numerous types of tests ranging from Layer 3, Layer 4 to Layer7), and ii. Ramping up test bandwidth to simulate a realistic load level We received a call on Saturday afternoon describing the ransom scenario and possibilities of a large attack and our SOC team was at the customer’s premises the following morning. “It’s all about knowing which attacks to simulate and getting as many of them done, in as little time as possible. You know that clock is ticking..” Our ‘Emergency BaseLine DDoS Testing’ as we have come to call it, is comprised of the following three stages: 1. Reconnaissance – Working with the company to understand as much as possible about relevant subnets and foot-printing the environment with port scanning and DNS enumeration. 2. Testing – Simulating a variety of tests to identify points of failure 3. Troubleshooting & Hardening – Resolving immediate critical issues and troubleshooting the necessary network points to have a DDoS mitigation defense ready for the threatened attack. Source: http://blog.mazebolt.com/?p=590
Read this article:
DDoS Extortion – Biting the DDoS Bullet
Malformed .MOV files can murder your movies Two Borg assimilators have discovered five denial of service vulnerabilities in Apple’s QuickTime.…
Read More:
Use QuickTime … and become part of the collective
Corbyn camp urges us to ‘get registering’ – we couldn’t agree more, Jeremy The intermineable registration process for voters for the new Labour Party leader’s election did not terminate this noon, as was planned, due to the party website dropping offline, following an effective, if accidental, DDoS attack from a flood of well-meaning visits generated by eager, if incredibly tardy, new supporters. The party website now informs visitors that “this morning we understand that some people have had problems trying to join or register as a supporter of the Labour Party. We are extending the deadline to join or register and be able to vote in the Leadership elections until 3pm.” If you are experiencing problems with the website, you can also register as a supporter with a £3 text. Text SUPPORT to 78555 and wait for a further text tomorrow on how to complete registration. According to the Guardian – which is live-Tweeting the event, now for another three hours – the party’s fear of entryists has resulted in “at least three of the camps” getting “in touch with each other to discuss their concerns about the running of the contest”. No accounts connected to Corbyn’s opponents have tweeted about the extension. Source: http://www.theregister.co.uk/2015/08/12/labour_party_wesbite_ddosd_by_mob_wanting_to_vote_for_new_leader/
Continue reading here:
Labour Party website DDoS’d by ruly democratic mob