Category Archives: Security Websies

Millions of home routers expose ISPs to DDoS attacks

DNS software specialist Nominum has revealed that DNS-based DDoS amplification attacks have significantly increased in the recent months, targeting vulnerable home routers worldwide. The research reveals that more than 24 million home routers have open DNS proxies which potentially expose ISPs to DNS-based DDoS attacks. In February of this year more than 5 million of these routers were used to generate attack traffic. DNS is the most popular protocol for launching amplification attacks and during an attack in January more than 70 percent of total DNS traffic on one provider’s network was associated with amplification. The attraction for the attacker is that DNS amplification requires little skill or effort but can cause major damage. Using home routers helps mask the attack target making it harder for ISPs to trace the ultimate recipient of the waves of amplified traffic. The amount of amplified traffic can amount to trillions of bytes every day, disrupting networks, websites and individuals and leading to additional costs. “Existing in-place DDoS defenses do not work against today’s amplification attacks, which can be launched by any criminal who wants to achieve maximum damage with minimum effort,” says Sanjay Kapoor, CMO and SVP of Strategy at Nominum. “Even if ISPs employ best practices to protect their networks, they can still become victims, thanks to the inherent vulnerability in open DNS proxies”. To address the gap in defenses Nominum has launched its Vantio ThreatAvert product to enable ISPs to neutralize attack traffic. Kapoor says, “ISPs today need more effective protections built-in to DNS servers. Modern DNS servers can precisely target attack traffic without impacting any legitimate DNS traffic. ThreatAvert combined with ‘best in class’ GIX portfolio overcomes gaps in DDoS defenses, enabling ISPs to constantly adapt as attackers change their exploits, and precision policies surgically remove malicious traffic”. Source: http://betanews.com/2014/04/02/millions-of-home-routers-expose-isps-to-ddos-attacks/

View article:
Millions of home routers expose ISPs to DDoS attacks

Week in review: Banks sue Target and Trustwave, Basecamp DDoS, Fyodor restarts the Full Disclosure list

Here's an overview of some of last week's most interesting news, reviews and articles: Flaws in Android update mechanism could turn apps into malware A group of researchers from Indiana Universi…

Link:
Week in review: Banks sue Target and Trustwave, Basecamp DDoS, Fyodor restarts the Full Disclosure list

Anonymous DDoS Attack Hits Albuquerque Police Dept. In Response To Homeless Man James Boyd’s ‘Murder’

Anonymous has followed through with a threat to disable the Albuquerque Police Department (APD) website in retaliation for the fatal shooting of mentally ill man James Boyd earlier this month. An APD spokesperson said there was “unusual activity” on their website and an officer confirmed it was from a cyber-attack. Anonymous often uses distributed denial-of-service (DDoS) attacks to shut down websites in protest. A DDoS attack is a flood of exponentially more requests to a targeted website than that sites server can handle, sometimes by using bots and other tools. That overloads the server and makes the website unavailable. The incident in question involves the fatal shooting of Boyd, a 38-year-old homeless and possibly schizophrenic man, after a three-hour encounter in the “foothills” outside Albuquerque. Boyd had a history of violent crimes and often said he was on secret missions under the direction of former President Gerald Ford. Some of Boyd’s violent arrests involved attacks against police officers. He served time in jail and in at least one mental health facility. In a rare move, the APD released the full video of the incident, which shows officers shooting Boyd with beanbags and bullets after Boyd threatened them with a knife multiple times and refused to follow their directives. You can watch the APD briefing on the incident here. Albuquerque Police Chief Gorden Eden says the shooting was justified. The Anon Press released this video on March 25 outlining their disapproval of the APD and planned attack: “On March 30th we are asking the citizens of Albuquerque to occupy the APD HQ and occupy the sites of the Albuquerque Police Department. Let them know that your city is not a place for war games against the homeless and the less fortunate. Anonymous grab your cannons and aim them at Albuquerque police websites.” They also accuse the APD of murdering James Boyd “in cold blood.” The APD says they took measures to defend themselves against the attack but they were not effective. The main APD site that Anonymous targeted is back up as of 6 p.m. on March 30. Another which appears to be a recruitment page, remains unavailable. Federal investigators are now looking into the James Boyd incident, APD Chief Gordon welcomes the probe. Source: http://www.ibtimes.com/anonymous-ddos-attack-hits-albuquerque-police-dept-response-homeless-man-james-boyds-murder-1564905

Visit link:
Anonymous DDoS Attack Hits Albuquerque Police Dept. In Response To Homeless Man James Boyd’s ‘Murder’

Analysis of 244,703 DDoS incidents

NSFOCUS released its DDoS Threat Report 2013, which details attack trends and methodologies over the past year. The report includes statistical analysis and key observations based on 244,703 DDoS inci…

Read this article:
Analysis of 244,703 DDoS incidents

Basecamp gets DDoSed and blackmailed

Basecamp, formerly known as 37signals, has managed to largely mitigate a DDoS attack that started today (March 24) at 8:46 central time and which made its services unavailable for users for a few hour…

View post:
Basecamp gets DDoSed and blackmailed

Why having a DDoS Playbook is essential for your organisation

Just like any major emergency, IT managers must prepare a playbook to follow in case a DDoS attack occurs. What follows are some of the most important considerations every manager needs to consider when creating their DDoS playbook: it’s about 75% preparation, 25% organised action. Situation awareness Every business operates within the context of certain realities. There are the human, political realities: are there competitors, activists or people who might have something against your organisation? Your team should be actively monitoring social media for indications of growing tension. And then there are known technological realities: what device types and browsers normally access your public websites? What is within the range of normal legitimate traffic and what is not? Document what’s normal, what’s not, how to monitor for it, and what to do about it when things change. Know thy network, and protect it In order to effectively protect your network, you and your team must understand it completely. Establish the following practices, share in a safe location, and update regularly: Create a detailed depiction of your network topology. This will ensure everyone is working from the same page and will be useful for team coordination while under attack. Establish baselines. Collect baseline measurements of all network activity as it relates to your public access points. Examples are graphing and threshold alerts for bits per second and packets per second on major ingress and egress links in your network. You should also identify all critical services (for example, DNS, web servers and databases) running in your network and define monitoring indices to assess health in real time. Defend from the edge. Deploy technology at the edge of your network to defend as best as possible. Understand it may have limited capabilities, but can be of use in thwarting a small attack or identifying a ramping attack. Give yourself options. Design a secure remote access configuration, preferably out of band, to allow for remote management of your systems while under attack. Create a strong DDoS response team Help your people be successful by designating a strong team leader and making sure everyone knows and understands their responsibilities. Include the following: Who should be notified and when (emergency contact info for your ISP, your own senior management, customer service and PR managers)? What info needs to be collected and when, and where is it logged? What action needs to be taken to protect infrastructure or service? What is the escalation path for critical decisions? Communicate the DDoS plan It’s not enough to have created a DDoS plan, but you need to share it and staff needs to know exactly when to initiate a DDoS response. It should be part of orientation for new staff, with hard copies at stations and version in your wiki or online shared resources. Run drills periodically, including contacting your ISP. Partner when necessary If an attack is beyond the capabilities of your team or your ISP, make sure you have done your research and know which expert you want to call. There are companies whose sole expertise is preparing for and defending against sophisticated and large scale DDoS attacks. Make sure you understand your needs and vendors’ service offerings beforehand so that when the need arises, you will have taken that difficult decision-making process out of the equation. Source: http://www.techradar.com/news/software/security-software/why-having-a-ddos-playbook-is-essential-for-your-organisation-1232315

View original post here:
Why having a DDoS Playbook is essential for your organisation

Huobi Site Down as It Fends Against DDOS Attacks

Huobi, claimed to be the world’s largest Bitcoin exchange by volume, appears to be down due to “maintenance” to fend off “a large number of DDOS attacks”. The homepage immediately redirects to the warning. Trading and all site functions are unavailable. The warning states that all should return to normal by 15:00. As of 17:00 China Standard Time (CST), the site is still down. Bitcoin (BTC) remains at 3475 yuan on Huobi, or $558, diverging from the $565 found on other major exchanges. For Huobi, the last week has been one of when it rains, it pours. Earlier last week, they launched Litecoin trading. Litecoin prices underwent an enormous boom and bust in span of 48 hours as hype quickly built up in anticipation for LTC’s addition to Huobi, followed by its crash back to earth. On Friday, Bitcoin on Huobi took a reverse course: it crashed by 14% from 3700 to 3200, only to immediately reverse course almost all the way back to par. On OKCoin, BTC swung by double the magnitude, bottoming at 2653, or a loss of 30%. The “flash crash” seemed to have resulted from a rumor on Weibo that China’s central bank issued a document asking all Bitcoin transactions to cease by April 15. The Weibo was forwarded to Sino Financial Report, one of the biggest news agencies in China, without confirmation, and from there to a large number of readers. The Sina news feed was later edited to have a vaguer tone and then removed altogether. So rapid was the rumor and its “retraction” that USD-based exchanges barely had time to react at all, with BTC-e and Bitstamp losing no more than 7% during the period. Since the event, Bitcoin prices have followed a gradual downtrend, trading well below $600, their lowest levels since MtGox’s was becoming a reality. The “flash crash” is reminiscent to the one observed in equity markets on May 6, 2010, when the Dow Jones Industrial Average crashed by over 1000 points (9%) and recovered in a matter of minutes. There, an abnormally large sell order triggered a sell-off exaggerated by high frequency traders looking to capitalize. It has not been confirmed if the flash crash and today’s outage are linked in any way. In theory, one can speculate that the abnormally high volume and severe price movements exposed a vulnerability to potential hackers not previously observed. Source: http://www.dcmagnates.com/huobi-site-down-as-it-fends-against-ddos-attacks/

See original article:
Huobi Site Down as It Fends Against DDOS Attacks

Westboro, Northboro Verizon service hit by DDoS attack

Since March 3 — and perhaps as far back as Feb. 26 — Verizon customers in Westboro and Northboro had been experiencing regular and constant interruptions to their Internet and phone service. Dozens of Westboro residents have discussed the service outages on Facebook (and offer sharp-tongued critiques of Verizon’s response), and six have filed complaints with the state Office of Consumer Affairs and Business Regulation. The disruptions, according to Verizon spokesman Philip G. Santoro, were caused by repeated cyberattacks on one residential customer in Westboro. The cyberattack is called a dynamic denial of service, a DDOS or DOS. In an email, Mr. Santoro described the attack thusly: “Someone deliberately flooded that customer with an overwhelming amount of traffic that rendered their Internet service inoperable.” “When that happened, it caused Internet service to periodically slow down for other customers in Westborough,” he wrote. “We are working to restore service to normal as soon as possible. DOS attacks are all too common today among customers of all Internet providers. It’s important to remind Internet users to keep their firewalls operating and to keep their security software current.” Interestingly, though, when I first asked Mr. Santoro about this, he said there were no widespread outages reported. I think that is because there was nothing physically wrong with the FiOS lines — no technical problems, no trees on the line, etc. At Verizon, the lines were all reported to be working as normal. But customers were calling in complaints and opening repair tickets left and right. The state logs the complaints and passes them on to the service provider, in this case Verizon, said Jayda Leder-Luis, communications coordinator for the Office of Consumer Affairs and Business Regulation. “DOS is a cybersecurity issue, one that can affect voice services that rely on access to the Internet (like VOIP),” she wrote in an email, referring to Voice Over Internet Protocol, in which phone service is provided through an Internet connection. “Those were the kinds of complaints we were receiving.” For dozens of residential and business customers in Westboro and Northboro, the interruptions were frustrating. “It happened around 3 o’clock, every day,” said Allen Falcon, chief executive officer for Cumulus Global, a cloud computing company in Westboro. “Sometimes it was a few minutes, sometimes 45 minutes to an hour.” A few times, the interruptions occurred in the morning, just after 9 a.m., he said. Since the company’s phone service and Internet connection runs through a FiOS line provided by Verizon, when the FiOS line goes out, customers lose both phone and Internet. “For us, it’s incredibly embarrassing as a technology company, to lose our service like this,” he said. “We’re talking to someone and the phone lines goes down, the Internet goes down.” The company has workarounds, in which the office can switch its Internet and phone service to a 4G service provided by their cellphones. “But it’s slower performing and more expensive,” he said. “Some days, around 3 p.m., we have to consider, ‘Should we switch, just in case?’ “ Several customers reported that Verizon had a lot of trouble pinpointing the cause of the interruptions, and several of them had Verizon technicians visit their homes and replace their routers. Since the cause was later determined to be this DOS cyberattack, replacing their routers looks like, in hindsight, a waste of time and money. Steve Winer, a Westboro resident, said Verizon installed a new router at his home, but it made no difference. The outages continued. “I am just wondering how much time and money was wasted on this,” he wrote in an email. “I know I spent at least a couple of hours on the phone, and others shared similar stories. But, if you add up all the shipped routers and unnecessary service calls, along with the time both of us customers and (Verizon) personnel, I am sure it really adds up, and could have been avoided if someone had simply put two and two together and posted a chronic outage which began in February.” On Tuesday, Verizon apparently pinpointed the exact Internet Protocol address of the Verizon customer being attacked, and shut down the customer’s FiOS service. The slowdowns and service interruptions have stopped. Let’s hope they never return. Source: http://www.telegram.com/article/20140323/COLUMN73/303239976/1002/business

View the original here:
Westboro, Northboro Verizon service hit by DDoS attack

Hootsuite Quickly Responds To DoS Attack, Ensures Users Their Data Is Secure

At 6:45 am PST the team at HootSuite were forced to deal with a denial of service (DoS) attack. The company quickly responded to the attack and then responded proactively to the attack. On the HootSuite blog CEO Ryan Holmes writes: “While HootSuite users were for a short time unable to access the dashboard, service has now been restored, and no customer data was compromised. Only web traffic to the dashboard and mobile APIs was affected. HootSuite Engineering and Security teams were able to respond immediately, and are working with hosting providers to mitigate the impact of any future attacks.” Hackers use DoS attacks as a simple, albeit crude method, for taking down a company’s internet capabilities. Hackers essentially send millions, even billions of requests to a company’s services, hoping to overload their capabilities, thus shutting down their systems. In his post Holmes puts user minds at ease: “The security of our customers’ information is our highest priority. It was not put at risk today.” The company goes on to thank customers for their patience as they deal with the attack. At approximately 12:00 PM Central time the company sent an update tweet: We’ve made it no secret at SocialNewsDaily that we are fans of the HootSuite platform for both personal and enterprise use, this quick and proactive response only further strengthens our view on their platform. Source: http://socialnewsdaily.com/27263/hootsuite-dos-attack-response/

Original post:
Hootsuite Quickly Responds To DoS Attack, Ensures Users Their Data Is Secure

Hack DDoS attacks battled by net’s timekeepers

A massive worldwide effort is under way to harden the net’s clocks against hack attacks. The last few months have seen an “explosion” in the number of attacks abusing unprotected time servers, said security company Arbor. Unprotected network time servers can be used to swamp target computers with huge amounts of data. About 93% of all the vulnerable servers are now believed to have been patched against attacks. ‘Appropriate’ use The attack that paved the way for the rapid rise was carried out by the Derp Trolling hacker group and was aimed at servers for the popular online game League of Legends, said Darren Anstee, a network architect at net monitoring firm Arbor. That attack took advantage of weaknesses in older versions of the software underlying the network time protocol (NTP). Known as an “NTP reflection” attack, it used several thousand poorly configured computers handling NTP requests to send data to the League of Legend servers. Around the world about 1.6 million NTP servers were thought to be vulnerable to abuse by attackers, said Harlan Stenn from the Network Time Foundation that helped co-ordinate action to harden servers. Precise timings are very important to the steady running of the net and many of the services, such as email and e-commerce, that sit on it. Early 2014 saw the start of an Open NTP initiative that tried to alert people running time servers to the potential for abuse, Mr Stenn told the BBC. Now, he said, more than 93% of those vulnerable servers had been updated. However, he said, this did leave more than 97,000 still open to abuse. Arbor estimates that it would take 5,000-7,000 NTP servers to mount an overwhelming attack. The feature that attackers had exploited had been known for a long time in the net time community and was not a problem as long as those servers were used “appropriately”, he said. “This was before spammers, and well before the crackers started using viruses and malware to build bot armies for spamming, phishing, or DDoS attacks,” he said. Distributed Denial of Service (DDoS) attacks are those that try to shut servers down by overwhelming them with data. The success of the Derp Trolling attack prompted a lot of copycat activity, said Mr Anstee from Arbor. “Since that event it’s gone a bit nuts to an extent and that tends to happen in the attack world when one particular group succeeds,” he said. “We’ve seen an explosion in NTP reflection activity.” NTP reflection attacks can generate hundreds of gigabits of traffic every second, said Mr Anstee, completely overwhelming any server they are aimed at. The copycat attacks have fed into a spike in the number of “large events”, mainly DDoS attacks, that Arbor sees hitting the net, he said. “Historically we used to see a couple of hundred gigabit events every year,” said Mr Anstee. “In February 2014 we tracked 43.” Source: http://www.bbc.com/news/technology-26662051

Link:
Hack DDoS attacks battled by net’s timekeepers